File name: Yandex.exe
Full analysis: https://app.any.run/tasks/47b824ff-b119-4b91-9443-67ac2060589e
Verdict: Malicious activity
Analysis date: October 10, 2024, 14:16:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7B9564D7EAF5C37FC4878623CA16B349
SHA1: 27CEAC46C5AF570D4DBEE9786A807B1240A35F17
SHA256: 5615FBEFA0BC20596B5C49E5D57CD112C7870E92C4C4701C902A06F74014F233
SSDEEP: 98304:UsPEjIdh6snbxANo56X6/tlHUrUJUvonvChE9LK9ULf3l7pbLEgim8E/YN1NjHNj:WQjwDuVS/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators. (The overall verdict above is nevertheless "Malicious activity"; the only signature-level support this page shows for it is the SUSPICIOUS group below.)
  • SUSPICIOUS

    • Application launched itself

      • setup.exe (PID: 3396)
      • setup.exe (PID: 3864)
      • service_update.exe (PID: 6444)
      • service_update.exe (PID: 6592)
      • Yandex.exe (PID: 3028)
      • setup.exe (PID: 3104)
      • setup.exe (PID: 7952)
      • browser.exe (PID: 6884)
    • Executable content was dropped or overwritten

      • yb7F36.tmp (PID: 6908)
      • service_update.exe (PID: 4208)
      • setup.exe (PID: 3864)
      • browser.exe (PID: 8072)
      • yabroupdater.tmp (PID: 7296)
    • Starts itself from another location

      • service_update.exe (PID: 4208)
    • Starts application with an unusual extension

      • Yandex.exe (PID: 3532)
    • Executes as Windows Service

      • service_update.exe (PID: 6444)
  • INFO

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 6692)
    • Manual execution by a user

      • browser.exe (PID: 6884)
      • Yandex.exe (PID: 3028)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
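The SUSPICIOUS signatures above are process-tree rules: they compare each new process with its parent. The following Python, added here as an illustration and not ANY.RUN's own detection code, re-implements four of them over a constructed process list modelled on the report's process table. The PIDs are the ones the report lists; the parent links, the image paths, the use of a services.exe parent as the marker for service execution and the set of "usual" executable extensions are assumptions made for the example.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Proc:
    """One process-creation record: pid, parent pid, full image path, account."""
    pid: int
    ppid: int
    image: str
    user: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.image).name.lower()

    @property
    def directory(self) -> str:
        return str(PureWindowsPath(self.image).parent).lower()

    @property
    def extension(self) -> str:
        return PureWindowsPath(self.image).suffix.lower()


# Assumptions for the rules below (not taken from the report).
USUAL_EXECUTABLE_EXTS = {".exe", ".com", ".scr"}
SERVICE_CONTROL_MANAGER = "services.exe"   # children of the SCM are service processes


def detect(procs):
    """Return (signature, pid) pairs. Parent-side rules name the parent, as the report does;
    'Executes as Windows Service' names the service process itself."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for child in procs:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue                                   # root of the tree, nothing to compare against
        if parent.name == child.name:
            if parent.directory == child.directory:
                hits.append(("Application launched itself", parent.pid))
            else:
                hits.append(("Starts itself from another location", parent.pid))
        if child.extension not in USUAL_EXECUTABLE_EXTS:
            hits.append(("Starts application with an unusual extension", parent.pid))
        if parent.name == SERVICE_CONTROL_MANAGER:
            hits.append(("Executes as Windows Service", child.pid))
    return hits


def summarize(hits):
    """Group hits by signature with sorted PIDs, which is how the report presents them."""
    out = {}
    for signature, pid in hits:
        out.setdefault(signature, set()).add(pid)
    return {sig: sorted(pids) for sig, pids in out.items()}


# Constructed sample modelled on the report (PIDs from the report; tree shape and paths assumed).
SETUP_TMP = r"C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Temp\source3864_290676193\setup.exe"
UPDATER_TMP = r"C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Temp\source3864_290676193\service_update.exe"
UPDATER_INSTALLED = r"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.6.892\service_update.exe"

SAMPLE = [
    Proc(1000, 0,    r"C:\Windows\explorer.exe", "admin"),
    Proc(3028, 1000, r"C:\Users\admin\Desktop\Yandex.exe", "admin"),             # manual execution by the user
    Proc(3532, 3028, r"C:\Users\admin\Desktop\Yandex.exe", "admin"),             # installer relaunches itself
    Proc(6908, 3532, r"C:\Users\admin\AppData\Local\Temp\yb7F36.tmp", "admin"),  # executable with a .tmp extension
    Proc(3864, 6908, SETUP_TMP, "admin"),
    Proc(3396, 3864, SETUP_TMP, "admin"),                                        # setup.exe launches setup.exe
    Proc(4208, 3864, UPDATER_TMP, "admin"),
    Proc(6592, 4208, UPDATER_INSTALLED, "admin"),                                # same image name, new directory
    Proc(660,  0,    r"C:\Windows\System32\services.exe", "SYSTEM"),
    Proc(6444, 660,  UPDATER_INSTALLED, "SYSTEM"),                               # started by the SCM as a service
]

if __name__ == "__main__":
    for signature, pids in summarize(detect(SAMPLE)).items():
        print(f"{signature}: {pids}")
```

Run against the sample, the rules attribute "Application launched itself" to PIDs 3028 and 3864, "Starts application with an unusual extension" to 3532, "Starts itself from another location" to 4208 and "Executes as Windows Service" to 6444, which is the attribution the report shows for those PIDs. None of these rules is malicious on its own: a legitimate installer that unpacks to a temp directory, re-executes an elevated copy and registers an updater service trips all four, which is why they sit under SUSPICIOUS rather than MALICIOUS.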
No Malware configuration.

TRiD

.odttf | Obfuscated subsetted Font (92.8)
.exe | Generic Win/DOS Executable (3.5)
.exe | DOS Executable Generic (3.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:10:02 18:08:24+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1117184
InitializedDataSize: 9361920
UninitializedDataSize: -
EntryPoint: 0xde9e0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 24.7.6.892
ProductVersionNumber: 24.7.6.892
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: YANDEX LLC
FileDescription: Yandex
FileVersion: 24.7.6.892
InternalName: lite_installer
LegalCopyright: Copyright (c) 2012-2024 YANDEX LLC. All Rights Reserved.
ProductName: Yandex
ProductVersion: 24.7.6.892
ProductChromiumVersion: 126.0.6478.234
ProductYandexVersion: 24.7.6.892
CompanyShortName: YANDEX LLC
ProductShortName: Yandex Installer
LastChange: 25fbf2258c92a918d4d9b10d27f18394b629efdd
OfficialBuild: 1
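The EXIF block above is ExifTool's reading of the PE headers. The Python below, added here as an example and not part of the report, parses the same fields straight from the DOS, COFF and optional headers. So that it runs offline it also builds a constructed, section-less PE32 header carrying the values reported above; the image base, alignments and other fields the report does not list are filler, and the report's "LinkerVersion: 14" is taken to mean major 14, minor 0.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
CHARACTERISTIC_FLAGS = {            # subset of IMAGE_FILE_* flags, in the order ExifTool prints them
    0x0002: "Executable",
    0x0020: "Large address aware",
    0x0100: "32-bit",
}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
PE_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def parse_pe_headers(data: bytes) -> dict:
    """Read the COFF header and the first 72 bytes of the optional header (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, _nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    if opt_size < 72:
        raise ValueError("optional header too short")
    opt = coff + 20
    # Standard fields: Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint.
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry = struct.unpack_from("<HBBIIII", data, opt)
    # From offset 40 the Windows-specific fields share one layout in PE32 and PE32+
    # (the width of ImageBase before them is what differs).
    (os_major, os_minor, img_major, img_minor, ss_major, ss_minor, _win32ver,
     _size_image, _size_headers, _checksum, subsystem, _dllchar) = struct.unpack_from("<HHHHHHIIIIHH", data, opt + 40)
    return {
        "MachineType": "Intel 386 or later, and compatibles" if machine == IMAGE_FILE_MACHINE_I386 else f"0x{machine:04x}",
        "TimeStamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for flag, name in CHARACTERISTIC_FLAGS.items() if characteristics & flag),
        "PEType": PE_MAGIC.get(magic, f"0x{magic:x}"),
        "LinkerVersion": f"{lnk_major}.{lnk_minor}",
        "CodeSize": code_size,
        "InitializedDataSize": init_size,
        "UninitializedDataSize": uninit_size,
        "EntryPoint": f"0x{entry:x}",
        "OSVersion": f"{os_major}.{os_minor}",
        "ImageVersion": f"{img_major}.{img_minor}",
        "SubsystemVersion": f"{ss_major}.{ss_minor}",
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header with the values ExifTool reported above; no sections, not runnable."""
    ts = int(datetime(2024, 10, 2, 18, 8, 24, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, ts, 0, 0, 224, 0x0002 | 0x0020 | 0x0100)
    # Magic, linker 14.0, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, EntryPoint, BaseOfCode, BaseOfData
    standard = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 1117184, 9361920, 0, 0xDE9E0, 0x1000, 0x112000)
    windows = struct.pack("<IIIHHHHHHIIIIHH",
                          0x400000, 0x1000, 0x200,              # ImageBase, SectionAlignment, FileAlignment (filler)
                          5, 1, 0, 0, 5, 1,                     # OS 5.1, image version 0.0, subsystem 5.1
                          0, 0xA00000, 0x400, 0,                # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (filler)
                          2, 0x8140)                            # Subsystem = Windows GUI, DllCharacteristics (filler)
    opt = standard + windows
    return bytes(dos) + b"PE\0\0" + coff + opt + b"\0" * (224 - len(opt))


if __name__ == "__main__":
    for key, val in parse_pe_headers(build_sample_pe()).items():
        print(f"{key}: {val}")
```

Every field here, including the 2024-10-02 link timestamp and the version resource above it, is written by the linker and can be edited after the fact, so agreement with a Yandex release is a clue, not proof of provenance. The check that settles it is the Authenticode signature, which this report does not show; the installer's own OCSP request in the HTTP table further down is the visible trace of Windows validating a certificate chain.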
No data.
All screenshots are available in the full report
Total processes: 233
Monitored processes: 93
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process tree, flattened in the order the report lists it ("no specs" marks entries for which the sandbox recorded no indicators): start; openwith.exe (no specs); rundll32.exe (no specs); yandex.exe ×2; yb7f36.tmp; setup.exe ×3; service_update.exe ×6; clidmgr.exe followed by conhost.exe (no specs), twice; browser.exe, dozens of instances (renderer, utility and GPU children, most of them no specs); setup.exe ×2 (no specs); further browser.exe instances; yabroupdater.tmp; setup.exe ×2; browser.exe ×5 (no specs).

Process information

Each entry gives PID, command line, image path, parent process and the process attributes recorded by the sandbox, followed by the loaded modules (images). No per-process indicators are listed for these rows.
PID 300 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --allow-prefetch --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4612,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:1
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID 700 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6324,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:1
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID 1168 (parent: setup.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Temp\source3864_290676193\Browser-bin\clids_yandex.xml"
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
User: admin
Company: Yandex
Integrity Level: HIGH
Description: ClidManagerModule
Exit code: 0
Version: 1,0,0,44
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\clidmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID 1204 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --yagp --enable-instaserp --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6220,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
PID 1204 (parent: browser.exe; the report lists this PID twice)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --process-name="Data Decoder Service" --field-trial-handle=7824,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7828 --brver=24.7.6.892 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
PID 1584 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4572,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2620 /prefetch:1
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID 1884 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --process-name="Data Decoder Service" --field-trial-handle=7620,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=7804 --brver=24.7.6.892 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
PID 2088 (parent: service_update.exe)
CMD: "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.6.892\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=97b7721c4994e2556ff6a439510f665d --annotation=main_process_pid=6444 --annotation=plat=Win64 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.6.892 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6d6438b18,0x7ff6d6438b24,0x7ff6d6438b30
Path: C:\Program Files (x86)\Yandex\YandexBrowser\24.7.6.892\service_update.exe
User: SYSTEM
Company: YANDEX LLC
Integrity Level: SYSTEM
Description: Yandex
Version: 24.7.6.892
Modules (images):
c:\program files (x86)\yandex\yandexbrowser\24.7.6.892\service_update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID 2360 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=5728,i,9531524333417749586,14537976479992328818,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:1
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID 2416 (parent: browser.exe)
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=F5E68667-9A7A-4D62-ADF3-699C249C10C1 --brand-id=int --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=2244,i,9298654420780587113,5418868577918471643,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.7.6.892
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.7.6.892\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
Total events: 22 342
Read events: 21 339
Write events: 887
Delete events: 116

Modification events (all by PID 3028, Yandex.exe)

Key: HKEY_CURRENT_USER\SOFTWARE\AppDataLow\Yandex
  • write UICreated_admin = 1

Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
  • write DistribInfoParams = vup=1&browser=GoogleChrome/64/129.0.6668.90&banerid=6400000000:6707e192a6484deffa893a1b&scup=1&statpromo=false&yandexuid=3989847061684656611&mongoID=6707e192a6484deffa893a1b&pps=installID%3D3989847061684656611_1728569746399%26mongoID%3D6707e192a6484deffa893a1b&download_date=1728569746
  • delete value brand
  • delete value BrandFile
  • delete value PartnerFile
  • write lang = en
  • write InstallerData = C:\Users\admin\AppData\Local\Temp\master_preferences
  • write ClidsFile = C:\Users\admin\AppData\Local\Temp\clids.xml
  • write YandexWebsiteIconFile = C:\Users\admin\AppData\Local\Temp\website.ico
  • write AbtConfigResourceFile = C:\Users\admin\AppData\Local\Temp\abt_config_resource
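The DistribInfoParams value is the installer's download-attribution record: the browser that fetched the installer (Chrome 129), a yandexuid, a banner/campaign id, a mongoID and a download timestamp, with the same identifiers repeated inside the URL-encoded pps sub-string. The Python below, added here as an example rather than anything from the report or from Yandex, decodes the value and cross-checks the identifiers. Reading mongoID as a MongoDB ObjectId, whose first four bytes are a creation time, is an inference; the decoded time equals download_date exactly, and both fall 32 seconds before the analysis start time given at the top of the page.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Copied from the DistribInfoParams registry write by Yandex.exe (PID 3028) listed above.
DISTRIB_INFO_PARAMS = (
    "vup=1&browser=GoogleChrome/64/129.0.6668.90"
    "&banerid=6400000000:6707e192a6484deffa893a1b&scup=1&statpromo=false"
    "&yandexuid=3989847061684656611&mongoID=6707e192a6484deffa893a1b"
    "&pps=installID%3D3989847061684656611_1728569746399%26mongoID%3D6707e192a6484deffa893a1b"
    "&download_date=1728569746"
)


def parse_distrib_info(value: str) -> dict:
    """Flatten the query string. 'pps' carries a second, URL-encoded query string, so it is parsed again."""
    flat = {k: v[0] for k, v in parse_qs(value, keep_blank_values=True).items()}
    if "pps" in flat:
        flat["pps"] = {k: v[0] for k, v in parse_qs(flat["pps"], keep_blank_values=True).items()}
    return flat


def objectid_time(oid: str) -> datetime:
    """Interpret a 24-hex-char value as a MongoDB ObjectId: its first four bytes are a big-endian Unix time
    (this reading of mongoID is an assumption, checked below against download_date)."""
    if len(oid) != 24 or set(oid.lower()) - set("0123456789abcdef"):
        raise ValueError("not a 24-hex-character ObjectId")
    return EPOCH + timedelta(seconds=int(oid[:8], 16))


def extract_tracking(value: str) -> dict:
    """Pull out the identifiers and timestamps an analyst would pivot on, and cross-check them."""
    p = parse_distrib_info(value)
    install_id, _, install_ms = p["pps"]["installID"].partition("_")   # "<id>_<milliseconds since epoch>"
    download_time = EPOCH + timedelta(seconds=int(p["download_date"]))
    mongo_time = objectid_time(p["mongoID"])
    return {
        "downloading_browser": p["browser"],
        "banner_id": p["banerid"],
        "yandexuid": p["yandexuid"],
        "install_id": install_id,
        "install_time": EPOCH + timedelta(milliseconds=int(install_ms)),
        "download_time": download_time,
        "mongo_id": p["mongoID"],
        "mongo_id_time": mongo_time,
        # The same identifiers recur in four places; a forged or tampered record would usually break one of these.
        "ids_consistent": (
            install_id == p["yandexuid"]
            and p["pps"]["mongoID"] == p["mongoID"]
            and p["banerid"].endswith(":" + p["mongoID"])
            and mongo_time == download_time
        ),
    }


if __name__ == "__main__":
    for key, val in extract_tracking(DISTRIB_INFO_PARAMS).items():
        print(f"{key}: {val}")
```

download_date, the millisecond suffix of installID and the ObjectId time all decode to 2024-10-10 14:15:46 UTC, and the yandexuid is the same 19-digit number as the installID, so the identifier assigned on the download side is carried into the installed product's HKCU state. For an analyst these values are pivots (the banner id and mongoID identify the distribution campaign and download event), not indicators of compromise; the function rejects malformed input rather than guessing.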
Executable files: 17
Suspicious files: 873
Text files: 198
Unknown types: 29

Dropped files (PID, process, filename, type; hashes where the report records them)

3028 Yandex.exe | C:\Users\admin\AppData\Local\Temp\website.ico | MD5/SHA256 not recorded
3028 Yandex.exe | C:\Users\admin\AppData\Local\Temp\variations_resource | MD5/SHA256 not recorded
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB | binary
  MD5: ECD39DF925799C5183735048538F394F
  SHA256: F890A7228EDF8ECD91AF879383FC6B8CC95F24191DEC5F5838CE4F329B7F5500
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B | binary
  MD5: 5601531DC6B751098C0D8E5169DD4CF4
  SHA256: 082B11C3E7740C7A2F4A26A7A3C3CA6C119535703BA7C2015A4DA197B84F3FF9
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046 | binary
  MD5: 05C013090A146FF9A9A350DEC63CC337
  SHA256: 262466899FC953CB72E021CC29A4C18278739134CD5AEB9BCA66E1AB77FE30D3
3028 Yandex.exe | C:\Users\admin\AppData\Roaming\Yandex\uitext
  MD5: 3E4F04047F7DE3047FED7DBD3D1B16AF
  SHA256: 52BC452BA07CFFA8089E4D4E93883824F2DCB8DEAA7FB15587C7C351B5E300E3
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 | binary
  MD5: 008C5A8A45FA46935DB4E079BE6424FD
  SHA256: D0956FDD1DD4F215AE1ED73AB41336313A85B18D34A2FCBA9739B85763DF2BEF
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_1E97890684BEEE785DD0BA79E29BED8F | binary
  MD5: 2E108A942D3170A2E10F59F2403364D2
  SHA256: A13B65A78D48FF5A626B058479D281C455E9E3D3908FB090E519605F113305B8
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_67A7612028CE885541545304016D2A0E | binary
  MD5: EFA69C05F1A7B26EB81EAC0C9E71FFDB
  SHA256: 50660C8042E564AEC5BE7A03A7493919F3F79F16F4B7FA004DB55FA159DB2102
3028 Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760 | binary
  MD5: 26A08ACB08E6E03575E4493138D68A11
  SHA256: 0341ED0F773BB0EBCCB104594CACBBFC4D9DCF43D2D5EB49496832476A2D0880
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 34
TCP/UDP connections: 233
DNS requests: 163
Threats: 0

HTTP requests (PID, process, method, HTTP code, IP, URL, CN, reputation; the type and size columns are empty for every row shown)

5488 MoUsoCoreWorker.exe | GET | 200 | 104.79.89.142:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | CN: unknown | whitelisted
5488 MoUsoCoreWorker.exe | GET | 200 | 2.16.164.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
2364 svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | CN: unknown | whitelisted
4360 SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | CN: unknown | whitelisted
5400 backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | CN: unknown | whitelisted
7100 SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | whitelisted
7100 SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | CN: unknown | whitelisted
4360 SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | CN: unknown | whitelisted
4360 SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | CN: unknown | whitelisted
3028 Yandex.exe | GET | 200 | 151.101.130.133:80 | http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D | CN: unknown | whitelisted
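The only request attributed to Yandex.exe (PID 3028) in this table is an OCSP query to GlobalSign; every other row is Windows' own CRL and OCSP traffic. The base64 path segment of an OCSP GET URL is the DER-encoded OCSPRequest itself (RFC 6960, Appendix A), so the certificate whose status was asked for can be recovered from the URL alone. The Python below is an added example, not part of the report: it uses a minimal DER reader written for this purpose and decodes the Yandex.exe request into the hash algorithm, issuer name hash, issuer key hash and serial number. The same function applies to the ocsp.digicert.com rows.

```python
import base64
from urllib.parse import unquote

# URL copied from the Yandex.exe (PID 3028) row of the HTTP requests table above.
OCSP_URL = "http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D"

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the DER element at pos; handles short and long length forms."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def children(value: bytes):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def first(value: bytes, tag: int) -> bytes:
    """First child with the given tag; skips optional context-tagged fields such as version [0] and requestorName [1]."""
    for t, v in children(value):
        if t == tag:
            return v
    raise ValueError(f"no element with tag 0x{tag:02x}")


def decode_oid(value: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER value (first byte packs the first two arcs, rest are base-128 groups)."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url: str) -> list:
    """Decode every CertID in the OCSPRequest carried by an OCSP GET URL."""
    der = base64.b64decode(unquote(url.rsplit("/", 1)[1]))
    _, ocsp_request, _ = read_tlv(der)        # OCSPRequest ::= SEQUENCE { tbsRequest, optionalSignature [0] }
    tbs = first(ocsp_request, 0x30)           # TBSRequest
    request_list = first(tbs, 0x30)           # requestList SEQUENCE OF Request
    out = []
    for _, request in children(request_list):
        cert_id = first(request, 0x30)        # CertID: hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber
        alg, name_hash, key_hash, serial = [v for _, v in children(cert_id)]
        oid = decode_oid(first(alg, 0x06))
        out.append({
            "hash_algorithm": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial_number": serial.hex(),    # as encoded; a leading 00 is DER's sign padding
        })
    return out


if __name__ == "__main__":
    for cert in decode_ocsp_get(OCSP_URL):
        print(cert)
```

For the Yandex.exe row the request is a single SHA-1 CertID with issuer key hash 607b661a450d97ca89502f7d04cd34a8fffcfd4b and serial 751e3f53e3185933e95f08eceead0297. The /rootr1/ path names GlobalSign's Root R1 responder; issuer_key_hash is the SHA-1 of the issuer's public key and can be compared with that root's Subject Key Identifier, and the serial identifies the certificate issued under it whose status was requested. Windows CryptoAPI issues such fetches while building a certificate chain and caches the responses under CryptnetUrlCache, which is exactly what the dropped-files list shows PID 3028 writing; that is consistent with a signature-chain check during installation, though the report itself does not say whether the installer's own signature validated.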

Connections (PID, process, IP, domain, ASN, CN, reputation)

6944 svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 System | 192.168.100.255:137 | (no domain) | whitelisted
1752 RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(PID and process not shown) | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 MoUsoCoreWorker.exe | 2.16.164.114:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5488 MoUsoCoreWorker.exe | 104.79.89.142:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4020 svchost.exe | 239.255.255.250:1900 | (no domain) | whitelisted
4 System | 192.168.100.255:138 | (no domain) | whitelisted
4360 SearchApp.exe | 184.86.251.22:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4360 SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests (domain, resolved IPs, reputation)

settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 2.16.164.114
  • 2.16.164.49
  • 2.16.164.99
whitelisted
www.microsoft.com
  • 104.79.89.142
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.bing.com
  • 184.86.251.22
  • 184.86.251.14
  • 184.86.251.8
  • 184.86.251.7
  • 184.86.251.27
  • 184.86.251.9
  • 184.86.251.10
  • 184.86.251.16
  • 184.86.251.25
  • 104.126.37.123
  • 104.126.37.186
  • 104.126.37.184
  • 104.126.37.179
  • 104.126.37.128
  • 104.126.37.130
  • 104.126.37.171
  • 104.126.37.131
  • 104.126.37.178
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.74
  • 20.190.160.20
  • 20.190.160.22
  • 40.126.32.140
  • 40.126.32.133
  • 40.126.32.72
  • 20.190.160.14
  • 20.190.160.17
whitelisted
th.bing.com
  • 184.86.251.22
  • 184.86.251.14
  • 184.86.251.8
  • 184.86.251.7
  • 184.86.251.27
  • 184.86.251.9
  • 184.86.251.10
  • 184.86.251.16
  • 184.86.251.25
  • 104.126.37.163
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.160
  • 104.126.37.177
  • 104.126.37.168
  • 104.126.37.171
  • 104.126.37.170
  • 104.126.37.155
whitelisted
go.microsoft.com
  • 95.100.53.90
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted

Threats

No threats detected

Debug output (process: message)

These strings come from clidmgr.exe, the HIGH-integrity helper spawned by setup.exe, resolving which interactive user it is installing for: WTS session 1 maps to the user admin on DESKTOP-JGLLJLD, and a walk of the LSA logon sessions yields that account's SID (RID 1001) and profile path.

clidmgr.exe: GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = DESKTOP-JGLLJLD, dwSessionId = 1
clidmgr.exe: GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = DESKTOP-JGLLJLD, dwSessionId = 0
clidmgr.exe: GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin
clidmgr.exe: GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1693682860-607145093-2874071422-1001
(the same four lines are recorded a second time; the process tree shows two clidmgr.exe instances)