URL:

https://maombi.store/download/671/dd0c4389-30d0-811f-746a-fb58592eaf7d/7-Zip.exe

Full analysis: https://app.any.run/tasks/3fa4cbc7-b117-42ca-b612-4c1c8138b0a2
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: October 01, 2019, 13:50:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
loader
Indicators:
MD5:

6E73C464F4AFA8C5AE0B49878301AE2A

SHA1:

499FADA07829906B7B079846499BBF12410D4D33

SHA256:

C7676978B1078C6F13C4458654556C6064CDE51C1279FAF661C1182FC9C2F811

SSDEEP:

3:N8PMLF+TfwUSRCZhOD5N:2PMLFawUS0hOtN
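The hashes above identify the downloaded 7-Zip.exe, and the Connections and DNS sections further down name the two hosts the report flags as malicious (maombi.store, which served the file, and offerbox.ru.com, which served the bundled offers). The Python below is an added example, not part of the ANY.RUN report: it hashes every file under a directory in a single pass and compares the digests with the indicators above, and it scans DNS or proxy log lines for those domains (including subdomains) and their IPs. The hash, domain and IP sets are copied from this report; the lines in SAMPLE_LOG are constructed for the example and do not come from the sandbox capture.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicators copied from this report, lower-cased for comparison.
IOC_HASHES = {
    "6e73c464f4afa8c5ae0b49878301ae2a",                                  # MD5
    "499fada07829906b7b079846499bbf12410d4d33",                          # SHA1
    "c7676978b1078c6f13c4458654556c6064cde51c1279faf661c1182fc9c2f811",  # SHA256
}
IOC_DOMAINS = {"maombi.store", "offerbox.ru.com"}
IOC_IPS = {"188.42.30.244", "5.63.157.193"}


def multi_hash(blocks):
    """MD5, SHA1 and SHA256 of a byte stream, all computed in one pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for block in blocks:
        for d in digests.values():
            d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> dict:
    return multi_hash([data])


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Read a file once in 1 MiB chunks so multi-megabyte installers are not loaded whole."""
    with open(path, "rb") as fh:
        return multi_hash(iter(lambda: fh.read(chunk_size), b""))


def sweep_directory(root, iocs=IOC_HASHES):
    """Return (path, algorithm, digest) for every file whose digest is in the IOC set."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            for algo, digest in digests.items():
                if digest in iocs:
                    hits.append((str(path), algo, digest))
    return hits


_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def domain_matches(host: str, iocs=IOC_DOMAINS) -> bool:
    """True for the IOC domain itself and for any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


def match_network_log(lines, domains=IOC_DOMAINS, ips=IOC_IPS):
    """Return (line_number, indicator) for every line naming an IOC domain or IP."""
    hits = []
    for number, line in enumerate(lines, 1):
        for host in _HOST_RE.findall(line):
            if domain_matches(host, domains):
                hits.append((number, host.lower()))
        for ip in _IP_RE.findall(line):
            if ip in ips:
                hits.append((number, ip))
    return hits


# Constructed log lines in a generic "client query/answer" shape; not from the report.
SAMPLE_LOG = [
    "10.0.0.12 query A clientservices.googleapis.com -> 172.217.16.163",
    "10.0.0.12 query A maombi.store -> 188.42.30.244",
    "10.0.0.12 GET http://offerbox.ru.com/api/lotuid/ 200",
    "10.0.0.12 query A downloader.yandex.net -> 5.45.205.245",
]

if __name__ == "__main__":
    for hit in match_network_log(SAMPLE_LOG):
        print("network IOC hit:", hit)
    # Offline demonstration of the file sweep: a constructed file matched by its own hash.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"not the real sample")
        print("file IOC hit:", sweep_directory(tmp, iocs={hash_file(sample)["sha256"]}))
```

The hash sweep matches on any of the three algorithms, so a list that carries only one digest type per sample still works. Subdomain matching is deliberate: CDN or tracking hosts under a flagged domain should hit, while a look-alike such as notmaombi.store should not.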

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report can be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • 7-Zip.exe (PID: 2904)
      • 7-Zip.exe (PID: 2648)
      • downloader.exe (PID: 3524)
      • cookie_mmm_aps_ppi_003_885_g.exe (PID: 2124)
      • downloader.exe (PID: 3836)
      • YandexPackSetup.exe (PID: 2712)
      • seederexe.exe (PID: 3516)
      • lite_installer.exe (PID: 3756)
      • downloader.exe (PID: 3096)
      • avast_free_antivirus_setup_online.exe (PID: 2616)
      • instup.exe (PID: 3476)
      • YandexPackSetup.exe (PID: 3828)
      • downloader.exe (PID: 3160)
      • YandexPackSetup.exe (PID: 2488)
      • instup.exe (PID: 2212)
      • MBlauncher.exe (PID: 2952)
      • u2-ctrl.exe (PID: 3060)
      • Yandex.exe (PID: 3268)
      • sbr.exe (PID: 1572)
      • BrowserManager.exe (PID: 4012)
      • sender.exe (PID: 3940)
      • BrowserManager.exe (PID: 2440)
      • yupdate-exec.exe (PID: 3156)
      • yupdate-exec.exe (PID: 4048)
      • u2-ctrl.exe (PID: 3272)
      • SetupInf.exe (PID: 3804)
      • SetupInf.exe (PID: 272)
      • SetupInf.exe (PID: 2372)
      • AvEmUpdate.exe (PID: 3932)
      • AvEmUpdate.exe (PID: 2560)
      • AvEmUpdate.exe (PID: 2720)
      • SetupInf.exe (PID: 3380)
      • AvEmUpdate.exe (PID: 2404)
      • CCUpdate.exe (PID: 2976)
      • SEARCHBAND.EXE (PID: 3916)
      • CCUpdate.exe (PID: 772)
      • CCUpdate.exe (PID: 2560)
      • CCUpdate.exe (PID: 3936)
      • YandexWorking.exe (PID: 3932)
      • avBugReport.exe (PID: 4292)
      • searchbandapp.exe (PID: 3748)
      • AvastNM.exe (PID: 2608)
      • overseer.exe (PID: 4224)
      • wsc_proxy.exe (PID: 5476)
      • AvastSvc.exe (PID: 5732)
      • searchbandapp.exe (PID: 5208)
      • aswEngSrv.exe (PID: 4804)
      • crashreporter.exe (PID: 5852)
      • RegSvr.exe (PID: 4376)
      • RegSvr.exe (PID: 4720)
      • wsc_proxy.exe (PID: 5096)
    • Changes settings of System certificates

      • downloader.exe (PID: 3524)
      • avBugReport.exe (PID: 4292)
      • AvastSvc.exe (PID: 5732)
    • Downloads executable files from the Internet

      • downloader.exe (PID: 3524)
      • cookie_mmm_aps_ppi_003_885_g.exe (PID: 2124)
      • downloader.exe (PID: 3096)
    • Changes the autorun value in the registry

      • YandexPackSetup.exe (PID: 2488)
      • instup.exe (PID: 2212)
      • BrowserManager.exe (PID: 4012)
      • browser.exe (PID: 4060)
      • searchbandapp.exe (PID: 5208)
    • Loads dropped or rewritten executable

      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • MBlauncher.exe (PID: 2952)
      • YandexPackSetup.exe (PID: 2488)
      • BrowserManager.exe (PID: 4012)
      • BrowserManager.exe (PID: 2440)
      • AvEmUpdate.exe (PID: 3932)
      • AvEmUpdate.exe (PID: 2404)
      • setup.exe (PID: 2972)
      • browser.exe (PID: 4060)
      • browser.exe (PID: 3628)
      • browser.exe (PID: 2704)
      • browser.exe (PID: 804)
      • browser.exe (PID: 3856)
      • browser.exe (PID: 492)
      • browser.exe (PID: 2868)
      • browser.exe (PID: 3296)
      • browser.exe (PID: 5460)
      • browser.exe (PID: 6092)
      • browser.exe (PID: 5836)
      • browser.exe (PID: 5344)
      • browser.exe (PID: 4508)
      • browser.exe (PID: 5276)
      • browser.exe (PID: 6012)
      • browser.exe (PID: 4884)
      • browser.exe (PID: 2324)
      • browser.exe (PID: 5740)
      • browser.exe (PID: 4256)
      • browser.exe (PID: 4212)
      • browser.exe (PID: 5948)
      • browser.exe (PID: 4424)
      • browser.exe (PID: 4644)
      • browser.exe (PID: 5672)
      • RegSvr.exe (PID: 4376)
      • RegSvr.exe (PID: 4720)
      • engsup.exe (PID: 4584)
      • engsup.exe (PID: 5204)
      • AvastSvc.exe (PID: 5732)
      • searchbandapp.exe (PID: 5208)
      • browser.exe (PID: 5924)
      • aswEngSrv.exe (PID: 4804)
      • explorer.exe (PID: 296)
    • Loads the Task Scheduler COM API

      • AvEmUpdate.exe (PID: 2560)
      • AvEmUpdate.exe (PID: 3932)
      • CCUpdate.exe (PID: 3936)
      • CCUpdate.exe (PID: 5488)
      • browser.exe (PID: 4060)
      • overseer.exe (PID: 4224)
      • searchbandapp.exe (PID: 5208)
    • Actions look like stealing of personal data

      • browser.exe (PID: 4060)
    • Loads the Task Scheduler DLL interface

      • browser.exe (PID: 4060)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 7-Zip.exe (PID: 2648)
      • chrome.exe (PID: 2804)
      • 7-Zip.exe (PID: 2904)
      • 7-Zip.tmp (PID: 3372)
      • chrome.exe (PID: 2736)
      • downloader.exe (PID: 3524)
      • MsiExec.exe (PID: 3840)
      • msiexec.exe (PID: 2072)
      • cookie_mmm_aps_ppi_003_885_g.exe (PID: 2124)
      • avast_free_antivirus_setup_online.exe (PID: 2616)
      • instup.exe (PID: 3476)
      • downloader.exe (PID: 3096)
      • YandexPackSetup.exe (PID: 3828)
      • YandexPackSetup.exe (PID: 2488)
      • Yandex.exe (PID: 3268)
      • BrowserManager.exe (PID: 4012)
      • AvEmUpdate.exe (PID: 3932)
      • setup.exe (PID: 2972)
      • AvEmUpdate.exe (PID: 2404)
      • CCUpdate.exe (PID: 2976)
      • CCUpdate.exe (PID: 2560)
      • searchbandapp.exe (PID: 3748)
      • instup.exe (PID: 2212)
      • overseer.exe (PID: 4224)
      • AvastSvc.exe (PID: 5732)
      • c63e3cd1009a4b281bbb.exe (PID: 5884)
    • Reads the Windows organization settings

      • 7-Zip.tmp (PID: 3372)
    • Reads Windows owner or organization settings

      • 7-Zip.tmp (PID: 3372)
    • Adds / modifies Windows certificates

      • downloader.exe (PID: 3524)
      • avBugReport.exe (PID: 4292)
    • Application launched itself

      • downloader.exe (PID: 3524)
      • downloader.exe (PID: 3096)
      • setup.exe (PID: 2972)
      • AvEmUpdate.exe (PID: 3932)
      • browser.exe (PID: 4060)
      • CCUpdate.exe (PID: 3936)
    • Low-level read access rights to disk partition

      • cookie_mmm_aps_ppi_003_885_g.exe (PID: 2124)
      • avast_free_antivirus_setup_online.exe (PID: 2616)
      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • AvEmUpdate.exe (PID: 3932)
      • AvEmUpdate.exe (PID: 2720)
      • AvEmUpdate.exe (PID: 2404)
      • CCUpdate.exe (PID: 2976)
      • CCUpdate.exe (PID: 2560)
      • CCUpdate.exe (PID: 772)
      • CCUpdate.exe (PID: 3936)
      • CCUpdate.exe (PID: 5488)
      • avBugReport.exe (PID: 4292)
      • overseer.exe (PID: 4224)
      • AvastSvc.exe (PID: 5732)
    • Creates files in the user directory

      • MsiExec.exe (PID: 3840)
      • seederexe.exe (PID: 3516)
      • msiexec.exe (PID: 2072)
      • BrowserManager.exe (PID: 4012)
      • {B22BBF9E-3B2D-4C46-9412-95B79F213567}.exe (PID: 2752)
      • setup.exe (PID: 2972)
      • Yandex.exe (PID: 3268)
      • clidmgr.exe (PID: 3528)
    • Reads Environment values

      • MsiExec.exe (PID: 3840)
      • MsiExec.exe (PID: 2084)
      • BrowserManager.exe (PID: 4012)
      • MsiExec.exe (PID: 2076)
      • AvastSvc.exe (PID: 5732)
    • Creates files in the Windows directory

      • cookie_mmm_aps_ppi_003_885_g.exe (PID: 2124)
      • avast_free_antivirus_setup_online.exe (PID: 2616)
      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • AvEmUpdate.exe (PID: 3932)
      • browser.exe (PID: 4060)
      • AvastSvc.exe (PID: 5732)
    • Creates files in the program directory

      • avast_free_antivirus_setup_online.exe (PID: 2616)
      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • AvEmUpdate.exe (PID: 2560)
      • AvEmUpdate.exe (PID: 3932)
      • CCUpdate.exe (PID: 2976)
      • CCUpdate.exe (PID: 2560)
      • CCUpdate.exe (PID: 3936)
      • CCUpdate.exe (PID: 5488)
      • avBugReport.exe (PID: 4292)
      • AvastNM.exe (PID: 2608)
      • engsup.exe (PID: 4584)
      • wsc_proxy.exe (PID: 5476)
      • overseer.exe (PID: 4224)
      • AvastSvc.exe (PID: 5732)
      • engsup.exe (PID: 5204)
    • Creates or modifies Windows services

      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • SetupInf.exe (PID: 3804)
      • SetupInf.exe (PID: 272)
      • SetupInf.exe (PID: 2372)
      • AvEmUpdate.exe (PID: 3932)
      • SetupInf.exe (PID: 3380)
      • AvEmUpdate.exe (PID: 2560)
      • AvEmUpdate.exe (PID: 2404)
      • AvEmUpdate.exe (PID: 2720)
      • avBugReport.exe (PID: 4292)
      • RegSvr.exe (PID: 4376)
      • RegSvr.exe (PID: 4720)
      • wsc_proxy.exe (PID: 5476)
      • AvastSvc.exe (PID: 5732)
      • wsc_proxy.exe (PID: 5096)
    • Removes files from Windows directory

      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • AvEmUpdate.exe (PID: 3932)
      • avast_free_antivirus_setup_online.exe (PID: 2616)
    • Creates a software uninstall entry

      • YandexPackSetup.exe (PID: 2488)
      • Yandex.exe (PID: 3268)
      • instup.exe (PID: 2212)
      • setup.exe (PID: 2972)
      • AvEmUpdate.exe (PID: 2404)
    • Uses TASKKILL.EXE to kill process

      • MsiExec.exe (PID: 2084)
    • Starts itself from another location

      • instup.exe (PID: 3476)
      • {B22BBF9E-3B2D-4C46-9412-95B79F213567}.exe (PID: 3304)
      • CCUpdate.exe (PID: 2560)
      • searchbandapp.exe (PID: 3748)
    • Changes the start page of IE

      • seederexe.exe (PID: 3516)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2736)
    • Reads Internet Cache Settings

      • BrowserManager.exe (PID: 4012)
      • instup.exe (PID: 2212)
      • explorer.exe (PID: 296)
    • Executed via COM

      • u2-ctrl.exe (PID: 3272)
    • Reads the cookies of Mozilla Firefox

      • BrowserManager.exe (PID: 4012)
      • engsup.exe (PID: 5204)
    • Reads the cookies of Google Chrome

      • BrowserManager.exe (PID: 4012)
      • engsup.exe (PID: 5204)
    • Creates files in the driver directory

      • instup.exe (PID: 2212)
      • AvEmUpdate.exe (PID: 3932)
    • Modifies the open verb of a shell class

      • instup.exe (PID: 2212)
      • setup.exe (PID: 2972)
    • Creates COM task schedule object

      • instup.exe (PID: 2212)
      • RegSvr.exe (PID: 4376)
      • RegSvr.exe (PID: 4720)
      • c63e3cd1009a4b281bbb.exe (PID: 5884)
    • Starts application with an unusual extension

      • {B22BBF9E-3B2D-4C46-9412-95B79F213567}.exe (PID: 2752)
    • Executed as Windows Service

      • AvastSvc.exe (PID: 5732)
    • Changes IE settings (feature browser emulation)

      • searchbandapp.exe (PID: 5208)
    • Searches for installed software

      • AvastSvc.exe (PID: 5732)
  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 2736)
      • chrome.exe (PID: 2804)
      • instup.exe (PID: 3476)
      • instup.exe (PID: 2212)
      • BrowserManager.exe (PID: 4012)
      • browser.exe (PID: 4060)
      • browser.exe (PID: 804)
      • browser.exe (PID: 4884)
      • browser.exe (PID: 4256)
      • overseer.exe (PID: 4224)
      • AvastSvc.exe (PID: 5732)
    • Application launched itself

      • chrome.exe (PID: 2736)
      • msiexec.exe (PID: 2072)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 2736)
    • Changes settings of System certificates

      • chrome.exe (PID: 2736)
    • Loads dropped or rewritten executable

      • 7-Zip.tmp (PID: 3372)
      • MsiExec.exe (PID: 2084)
    • Application was dropped or rewritten from another process

      • 7-Zip.tmp (PID: 1720)
      • 7-Zip.tmp (PID: 3372)
      • c63e3cd1009a4b281bbb.exe (PID: 5884)
    • Dropped object may contain Bitcoin addresses

      • msiexec.exe (PID: 2072)
      • instup.exe (PID: 2212)
      • setup.exe (PID: 2972)
      • AvEmUpdate.exe (PID: 3932)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 2072)
      • c63e3cd1009a4b281bbb.exe (PID: 5884)
    • Manual execution by user

      • BrowserManager.exe (PID: 2440)
      • {B22BBF9E-3B2D-4C46-9412-95B79F213567}.exe (PID: 3304)
      • YandexWorking.exe (PID: 3932)
      • searchbandapp.exe (PID: 3748)
      • browser.exe (PID: 4060)
    • Creates files in the user directory

      • Opera.exe (PID: 3604)
    • Reads settings of System Certificates

      • {B22BBF9E-3B2D-4C46-9412-95B79F213567}.exe (PID: 2752)
      • browser.exe (PID: 804)
      • explorer.exe (PID: 296)
    • Creates files in the program directory

      • c63e3cd1009a4b281bbb.exe (PID: 5884)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ matrix in the full report
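The signature list above is built from a small number of primitives: a process writes an executable that is later started by a process in the same tree ("Application was dropped or rewritten from another process", "Executable content was dropped or overwritten", "Loads dropped or rewritten executable"), the chain is rooted in a file the browser downloaded, and an installer writes an autorun value ("Changes the autorun value in the registry"). The Python below is an added example, not ANY.RUN code: it replays Sysmon-style process-create, file-create and registry-set records, reconstructs the tree, and emits those three findings with the full parent chain. The EVENTS list is constructed. Its PIDs follow the chain in this report (chrome.exe 2804 > 7-Zip.exe 2904 > 7-Zip.tmp 3372 > downloader.exe 3524 > YandexPackSetup.exe 2712), but the parent links, the file paths (including the Inno Setup style is-XXXXX.tmp directory) and the Run value name are assumptions made for the example.

```python
import ntpath
from collections import Counter, namedtuple

# Minimal records in the shape of Sysmon event IDs 1 (process create),
# 11 (file create) and 13 (registry value set).
Proc = namedtuple("Proc", "pid ppid image")
FileWrite = namedtuple("FileWrite", "pid path")
RegWrite = namedtuple("RegWrite", "pid key")

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe", "opera.exe"}


def chain(procs, pid):
    """Image basenames from the tree root down to pid, e.g. ['chrome.exe', '7-Zip.exe']."""
    names, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)  # guards against loops from PID reuse
        names.append(ntpath.basename(procs[pid].image))
        pid = procs[pid].ppid
    return list(reversed(names))


def is_autorun_key(key: str) -> bool:
    """True for ...\\CurrentVersion\\Run\\<value> and ...\\CurrentVersion\\RunOnce\\<value>."""
    parts = key.lower().split("\\")
    if "currentversion" not in parts:
        return False
    i = parts.index("currentversion")
    return i + 1 < len(parts) and parts[i + 1] in ("run", "runonce")


def analyse(events):
    """Replay events in order; return (kind, pid, detail, chain) findings."""
    procs, writers, findings = {}, {}, []
    for ev in events:
        if isinstance(ev, FileWrite):
            writers[ev.path.lower()] = ev.pid  # last writer wins: "dropped or rewritten"
        elif isinstance(ev, Proc):
            procs[ev.pid] = ev
            writer = writers.get(ev.image.lower())
            if writer is None:
                continue
            tree = " > ".join(chain(procs, ev.pid))
            findings.append(("drop_and_start", ev.pid, writer, tree))
            writer_image = ntpath.basename(procs[writer].image).lower() if writer in procs else ""
            if writer_image in BROWSERS:
                findings.append(("browser_download_executed", ev.pid, writer, tree))
        elif isinstance(ev, RegWrite):
            if is_autorun_key(ev.key):
                findings.append(("autorun_write", ev.pid, ev.key, " > ".join(chain(procs, ev.pid))))
    return findings


def summarize(findings) -> dict:
    """Count findings by kind."""
    return dict(Counter(f[0] for f in findings))


# Constructed event stream (see the lead-in for which values are assumptions).
EVENTS = [
    Proc(2804, 1000, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    FileWrite(2804, r"C:\Users\admin\Downloads\7-Zip.exe"),
    Proc(2904, 2804, r"C:\Users\admin\Downloads\7-Zip.exe"),
    FileWrite(2904, r"C:\Users\admin\AppData\Local\Temp\is-ABC12.tmp\7-Zip.tmp"),
    Proc(3372, 2904, r"C:\Users\admin\AppData\Local\Temp\is-ABC12.tmp\7-Zip.tmp"),
    FileWrite(3372, r"C:\Users\admin\AppData\Local\Temp\downloader.exe"),
    Proc(3524, 3372, r"C:\Users\admin\AppData\Local\Temp\downloader.exe"),
    FileWrite(3524, r"C:\Users\admin\AppData\Local\Temp\YandexPackSetup.exe"),
    Proc(2712, 3524, r"C:\Users\admin\AppData\Local\Temp\YandexPackSetup.exe"),
    RegWrite(2712, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowser"),
    # Benign control: explorer.exe starts notepad.exe; neither image was dropped.
    Proc(296, 1000, r"C:\Windows\explorer.exe"),
    Proc(4444, 296, r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(finding)
    print(summarize(analyse(EVENTS)))
```

The chain string is what makes the finding actionable: a dropped-and-started executable under explorer.exe is normal for any installer, while the same primitive four levels under a browser-downloaded file named after a well-known archiver is the pattern this report shows. A production version would key the writers map on a file's hash or object ID rather than its path, since the path can be reused by a legitimate file after the dropped one is deleted.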
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
179
Monitored processes
128
Malicious processes
43
Suspicious processes
8

Behavior graph

(Interactive process graph; the graph itself is only available in the full report. Edges are labelled "start" or "drop and start". Process images shown, in order of first appearance: chrome.exe, 7-zip.exe, 7-zip.tmp, downloader.exe, yandexpacksetup.exe, msiexec.exe, cookie_mmm_aps_ppi_003_885_g.exe, lite_installer.exe, seederexe.exe, avast_free_antivirus_setup_online.exe, instup.exe, taskkill.exe, u2-ctrl.exe, mblauncher.exe, browsermanager.exe, yandex.exe, sbr.exe, sender.exe, yupdate-exec.exe, yandexworking.exe, opera.exe, {b22bbf9e-3b2d-4c46-9412-95b79f213567}.exe, setupinf.exe, ybc4f8.tmp, setup.exe, avemupdate.exe, clidmgr.exe, ccupdate.exe, searchband.exe, searchbandapp.exe, browser.exe, avbugreport.exe, regsvr.exe, avastnm.exe, overseer.exe, engsup.exe, wsc_proxy.exe, avastsvc.exe, aswengsrv.exe, crashreporter.exe, c63e3cd1009a4b281bbb.exe, explorer.exe.)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 272
CMD: "C:\Program Files\AVAST Software\Avast\SetupInf.exe" /catalog:aswHwid.cat /uninstall
Path: C:\Program Files\AVAST Software\Avast\SetupInf.exe
Parent process: instup.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Exit code:
0
Version:
19.8.4793.0
Modules
Images
c:\program files\avast software\avast\setupinf.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 296
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
Parent process: dllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 328
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,2761470754983513115,5462823601019149080,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14001113192233568292 --mojo-platform-channel-handle=2892 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 416
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,2761470754983513115,5462823601019149080,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7191259496344236371 --mojo-platform-channel-handle=1432 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 492
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=916,12703429913213014230,14923250326519958790,131072 --js-flags="--no-enable-liveedit --no-untrusted-code-mitigations --stack-trace-limit=1" --lang=ru --user-id=e7556af6-a854-4f3e-aa84-d5714b9c77a4 --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --translate-security-origin=https://yastatic.net --enable-auto-reload --enable-instaserp --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16208333134126705538 --renderer-client-id=6 --mojo-platform-channel-handle=2304 /prefetch:1
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
LOW
Description:
Yandex
Exit code:
0
Version:
19.9.1.237
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\19.9.1.237\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 772
CMD: CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\6fc6c615-fd47-466f-8246-7c6c4f91e795.dll"
Path: C:\Program Files\CCleaner\CCUpdate.exe
Parent process: CCUpdate.exe
User:
admin
Company:
Piriform Ltd
Integrity Level:
HIGH
Description:
CCleaner emergency updater
Exit code:
0
Version:
18.6.553.0
Modules
Images
c:\program files\ccleaner\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 804
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --field-trial-handle=916,12703429913213014230,14923250326519958790,131072 --lang=ru --service-sandbox-type=network --user-id=e7556af6-a854-4f3e-aa84-d5714b9c77a4 --brand-id=yandex --partner-id=pseudoportal-ru --service-request-channel-token=6959988292171209131 --process-name="Network Service" --mojo-platform-channel-handle=1468 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
MEDIUM
Description:
Yandex
Exit code:
0
Version:
19.9.1.237
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\19.9.1.237\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 916
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,2761470754983513115,5462823601019149080,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10896160482406652448 --mojo-platform-channel-handle=1916 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1244
CMD: "C:\Windows\\System32\taskkill.exe" /F /IM BrowserManager.exe
Path: C:\Windows\System32\taskkill.exe
Parent process: MsiExec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
PID: 1300
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,2761470754983513115,5462823601019149080,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14370781998784483261 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
28 362
Read events
17 379
Write events
10 876
Delete events
107

Modification events

(PID) Process: (296) explorer.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: (empty)

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3144) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: write
Name: 2736-13214411424838125
Value: 259

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (2736) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: delete value
Name: 1512-13197841398593750
Value: 0
Executable files
514
Suspicious files
206
Text files
679
Unknown types
80

Dropped files

PID
Process
Filename
Type
PID: 2736 | Process: chrome.exe | Type: -
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: -
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4e6b6d28-68e7-4b94-a9df-321ae4e8e100.tmp
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: -
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: -
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF186462.TMP
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF1864cf.TMP
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: -
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF1864a1.TMP
MD5:
SHA256:
PID: 2736 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
MD5:
SHA256:
(A "-" marks a Type column the export left empty; the MD5 and SHA256 values are not present in the export.)
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
70
TCP/UDP connections
107
DNS requests
84
Threats
17

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
3096 | downloader.exe | GET | 302 | 5.45.205.245:80 | http://downloader.yandex.net/yandex-pack/bm-partner-ru/YandexPackSetup.exe | RU | - | - | whitelisted
3372 | 7-Zip.tmp | GET | 202 | 5.63.157.193:80 | http://offerbox.ru.com/download/671/{DD0C4389-30D0-811F-746A-FB58592EAF7D}/4E3014F88A1776A95D57E2AE3211A742FF35E455C4BA364784/1/0 | RU | - | - | malicious
3756 | lite_installer.exe | GET | - | 37.140.166.229:80 | http://cache-default05h.cdn.yandex.net/downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2323948-671&ui={e7556af6-a854-4f3e-aa84-d5714b9c77a4} | RU | - | - | whitelisted
3836 | downloader.exe | GET | - | 77.88.21.14:80 | http://clck.yandex.ru/click/dtype=stred/pid=12/cid=72435/path=dwnldr/p=7983/cnt=0/dt=6/ct=0/rt=3/imp=0/* | RU | - | - | whitelisted
3096 | downloader.exe | GET | 304 | 37.140.166.229:80 | http://cache-default05h.cdn.yandex.net/downloader.yandex.net/yandex-pack/downloader/info.rss | RU | - | - | whitelisted
3756 | lite_installer.exe | GET | 302 | 5.45.205.245:80 | http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2323948-671&ui={e7556af6-a854-4f3e-aa84-d5714b9c77a4} | RU | - | - | whitelisted
3524 | downloader.exe | GET | 200 | 37.140.166.229:80 | http://cache-default05h.cdn.yandex.net/downloader.yandex.net/yandex-pack/downloader/info.rss | RU | xml | 544 b | whitelisted
3524 | downloader.exe | GET | 200 | 37.140.166.226:80 | http://cache-default02h.cdn.yandex.net/downloader.yandex.net/yandex-pack/7983/YandexPackSetup.exe | RU | executable | 9.26 Mb | whitelisted
2124 | cookie_mmm_aps_ppi_003_885_g.exe | GET | 200 | 2.16.186.50:80 | http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe | unknown | executable | 7.61 Mb | whitelisted
3372 | 7-Zip.tmp | GET | 200 | 5.63.157.193:80 | http://offerbox.ru.com/api/lotuid/4E3014F88A1776A95D57E2AE3211A742FF35E455C4BA364784 | RU | text | 32 b | malicious
(A "-" marks a column the export left empty.)

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2804
chrome.exe
188.42.30.244:443
maombi.store
Servers.com, Inc.
RU
malicious
2804
chrome.exe
172.217.16.163:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2804
chrome.exe
172.217.18.110:443
sb-ssl.google.com
Google Inc.
US
whitelisted
2804
chrome.exe
216.58.207.36:443
www.google.com
Google Inc.
US
whitelisted
2804
chrome.exe
172.217.18.163:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2736
chrome.exe
91.199.212.52:80
crt.comodoca.com
Comodo CA Ltd
GB
suspicious
3524
downloader.exe
5.45.205.245:80
downloader.yandex.net
YANDEX LLC
RU
whitelisted
3372
7-Zip.tmp
5.63.157.193:80
offerbox.ru.com
Domain names registrar REG.RU, Ltd
RU
malicious
3524
downloader.exe
37.140.166.229:80
cache-default05h.cdn.yandex.net
YANDEX LLC
RU
whitelisted
2124
cookie_mmm_aps_ppi_003_885_g.exe
5.62.44.230:80
v7event.stats.avast.com
AVAST Software s.r.o.
US
unknown

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.16.163
whitelisted
maombi.store
  • 188.42.30.244
malicious
accounts.google.com
  • 216.58.206.13
shared
www.google.com
  • 216.58.207.36
malicious
sb-ssl.google.com
  • 172.217.18.110
whitelisted
ssl.gstatic.com
  • 172.217.18.163
whitelisted
crt.comodoca.com
  • 91.199.212.52
whitelisted
offerbox.ru.com
  • 5.63.157.193
malicious
downloader.yandex.net
  • 5.45.205.245
  • 5.45.205.242
  • 5.45.205.244
  • 5.45.205.241
  • 5.45.205.243
whitelisted
cache-default05h.cdn.yandex.net
  • 37.140.166.229
whitelisted

Threats

PID
Process
Class
Message
3372
7-Zip.tmp
Misc activity
ADWARE [PTsecurity] PUA:Win32/Puwaders.B!ml
3524
downloader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3372
7-Zip.tmp
Misc activity
ADWARE [PTsecurity] PUA:Win32/Puwaders.B!ml
2124
cookie_mmm_aps_ppi_003_885_g.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3836
downloader.exe
Attempted Information Leak
ET POLICY curl User-Agent Outbound
3096
downloader.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3756
lite_installer.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3756
lite_installer.exe
Misc activity
ET INFO EXE - Served Attached HTTP
3160
downloader.exe
Attempted Information Leak
ET POLICY curl User-Agent Outbound
3932
AvEmUpdate.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4 ETPRO signatures available in the full report
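The Threats table lines up with the HTTP requests table above: the "ET POLICY PE EXE or DLL Windows file download HTTP" alerts are the cleartext HTTP downloads of YandexPackSetup.exe (downloader.exe, PID 3524) and avast_free_antivirus_setup_online.exe (PID 2124), the "curl User-Agent Outbound" alerts come from downloader.exe instances (PID 3836 requested clck.yandex.ru), and "ET INFO EXE - Served Attached HTTP" is lite_installer.exe (PID 3756) fetching Yandex.exe. The Python below is an added example; it is not the Emerging Threats rule text and not part of the report. It classifies request/response pairs on the observations those alert names describe (a PE body on plain HTTP, a curl User-Agent, an executable served as an attachment) plus one extra heuristic of my own, a PE body declared with a non-executable Content-Type. The transactions in SAMPLES are constructed: host names and paths echo the HTTP table, but the bodies, sizes, User-Agent strings and the /download/offer path are invented, and the PE "body" is a 128-byte MZ/PE header layout, not a real executable.

```python
import struct


def make_pe_stub(size: int = 0x80) -> bytes:
    """Constructed bytes with a valid MZ header, e_lfanew at 0x3C and 'PE\\0\\0'; not runnable."""
    stub = bytearray(size)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset of the PE signature
    stub[0x40:0x44] = b"PE\0\0"
    return bytes(stub)


def parse_http(raw: bytes):
    """Split one HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


def is_pe(body: bytes) -> bool:
    """True when the body starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Content-Types under which a PE body is expected; anything else is worth a second look.
EXECUTABLE_TYPES = {"application/octet-stream", "application/x-msdownload",
                    "application/x-msdos-program", "application/vnd.microsoft.portable-executable"}


def classify(request: bytes, response: bytes) -> list:
    """Return alert names for one cleartext HTTP request/response pair."""
    alerts = []
    _, req_hdr, _ = parse_http(request)
    _, resp_hdr, body = parse_http(response)
    if req_hdr.get("user-agent", "").lower().startswith("curl/"):
        alerts.append("curl User-Agent Outbound")
    if is_pe(body):
        alerts.append("PE EXE or DLL Windows file download HTTP")
        if "attachment" in resp_hdr.get("content-disposition", "").lower():
            alerts.append("EXE - Served Attached HTTP")
        declared = resp_hdr.get("content-type", "").split(";")[0].strip().lower()
        if declared and declared not in EXECUTABLE_TYPES:
            alerts.append("PE body declared as " + declared)  # added heuristic, not an ET rule
    return alerts


def _req(path: str, host: str, user_agent: str) -> bytes:
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {user_agent}\r\n\r\n".encode("latin-1")


def _resp(status: str, content_type: str, body: bytes, extra_headers: str = "") -> bytes:
    head = (f"HTTP/1.1 {status}\r\nContent-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n{extra_headers}\r\n")
    return head.encode("latin-1") + body


# Constructed transactions (see the lead-in); hosts and paths echo the HTTP requests table.
UA = "Mozilla/4.0 (constructed)"
SAMPLES = {
    "pe_download": (_req("/downloader.yandex.net/yandex-pack/7983/YandexPackSetup.exe",
                         "cache-default02h.cdn.yandex.net", UA),
                    _resp("200 OK", "application/octet-stream", make_pe_stub())),
    "curl_beacon": (_req("/click/dtype=stred/pid=12/cid=72435/path=dwnldr", "clck.yandex.ru", "curl/7.55.1"),
                    _resp("200 OK", "text/plain", b"ok")),
    "attached_exe": (_req("/downloadable_soft/browser/pseudoportal-ru/Yandex.exe", "downloader.yandex.net", UA),
                     _resp("200 OK", "application/octet-stream", make_pe_stub(),
                           'Content-Disposition: attachment; filename="Yandex.exe"\r\n')),
    "masked_pe": (_req("/download/offer", "offerbox.ru.com", UA),
                  _resp("200 OK", "text/html", make_pe_stub())),
    "rss_feed": (_req("/downloader.yandex.net/yandex-pack/downloader/info.rss", "cache-default05h.cdn.yandex.net", UA),
                 _resp("200 OK", "text/xml", b'<rss version="2.0"></rss>')),
}


def run_all(samples=SAMPLES) -> dict:
    return {name: classify(req, resp) for name, (req, resp) in samples.items()}


if __name__ == "__main__":
    for name, alerts in run_all().items():
        print(f"{name:13s} -> {alerts or ['no alert']}")
```

Detection keys on the body, not on the URL: the YandexPackSetup.exe download would still be caught if the path ended in .rss, and the info.rss fetch is not flagged just because it comes from the same CDN. In a real sensor these checks run on reassembled streams, and the "PE on plain HTTP" alert is a policy signal rather than a verdict, which is exactly why the report files it under "Potential Corporate Privacy Violation" rather than as malware.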
Process | Message
YandexPackSetup.exe | IsAlreadyRun() In
YandexPackSetup.exe | IsAlreadyRun() Out : ret (BOOL) = 0
YandexPackSetup.exe | IsMSISrvFree() In
YandexPackSetup.exe | IsMSISrvFree() : OpenMutex() err ret = 2
YandexPackSetup.exe | IsMSISrvFree() Out ret = 1
YandexPackSetup.exe | GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1
YandexPackSetup.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0
YandexPackSetup.exe | GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin
YandexPackSetup.exe | GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000
YandexPackSetup.exe | GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1