File name:

YandexPackLoader.exe

Full analysis: https://app.any.run/tasks/6a911477-36a7-425b-a72a-3c570de04a87
Verdict: Malicious activity
Analysis date: April 26, 2023, 19:40:51
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

365E6A3DD47CFDB13E9A4A73D841F879

SHA1:

9100230BC2F8744FB0DCE6535CA3658C7DC1DF8B

SHA256:

CDECBF8D84BB7B5ED08948F9B6D3C9C1B97E7C38BDC636FDC75FE7CCA907A803

SSDEEP:

3072:+x3P/sUhfv9/d7HvEQC2mCE0KMlbq3dVCZbnKvg8t8xtbXe0GjuKnkNrin2j53:S3P/Fv9/d7PzqdCbnKxjUIn2j53

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Scans artifacts that could help determine the target

      • YandexPackLoader.exe (PID: 4100)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • YandexPackLoader.exe (PID: 4100)

    • Checks Windows Trust Settings

      • YandexPackLoader.exe (PID: 4100)
      • msiexec.exe (PID: 4048)

    • Process requests binary or script from the Internet

      • YandexPackLoader.exe (PID: 4100)

    • Reads the date of Windows installation

      • YandexPackLoader.exe (PID: 4100)

    • Reads settings of System Certificates

      • YandexPackLoader.exe (PID: 4100)
      • msiexec.exe (PID: 4048)

    • Application launched itself

      • YandexPackLoader.exe (PID: 4100)

    • Starts itself from another location

      • Yandex.exe (PID: 6172)
      • Yandex.exe (PID: 3900)

  • INFO

    • Checks supported languages

      • YandexPackLoader.exe (PID: 4100)
      • YandexPackSetup.exe (PID: 5032)
      • YandexPackLoader.exe (PID: 4460)
      • msiexec.exe (PID: 4048)

    • Create files in a temporary directory

      • YandexPackLoader.exe (PID: 4100)
      • YandexPackSetup.exe (PID: 5032)
      • YandexPackLoader.exe (PID: 4460)

    • The process checks LSA protection

      • YandexPackLoader.exe (PID: 4100)
      • YandexPackSetup.exe (PID: 5032)
      • msiexec.exe (PID: 4048)

    • Reads the computer name

      • YandexPackLoader.exe (PID: 4100)
      • msiexec.exe (PID: 4048)

    • Checks proxy server information

      • YandexPackLoader.exe (PID: 4100)

    • Reads the machine GUID from the registry

      • YandexPackLoader.exe (PID: 4100)
      • msiexec.exe (PID: 4048)

    • Creates files or folders in the user directory

      • YandexPackLoader.exe (PID: 4100)

    • Reads the software policy settings

      • YandexPackLoader.exe (PID: 4100)
      • msiexec.exe (PID: 4048)

    • Manual execution by a user

      • {33CF3A51-9227-4AC0-9E69-968F0D03B750}.exe (PID: 6616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

ProductVersion: 0.1.0.32
ProductName: Setup Downloader
OriginalFileName: WebDownloader.exe
LegalCopyright: Copyright (C) 2015 Yandex LLC
InternalName: download
FileVersion: 0.1.0.32
FileDescription: Setup Downloader
CharacterSet: Unicode
LanguageCode: Russian
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x0017
ProductVersionNumber: 0.1.0.32
FileVersionNumber: 0.1.0.32
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x8eb2
UninitializedDataSize: -
InitializedDataSize: 88576
CodeSize: 151040
LinkerVersion: 14
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit
TimeStamp: 2018:12:11 06:24:12+00:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 11-Dec-2018 06:24:12
Detected languages:
  • English - United States
  • Russian - Russia
Debug artifacts:
  • C:\BuildAgent\work\724ffc1c11fec002\downloader\Release\WebDownloader.pdb
FileDescription: Setup Downloader
FileVersion: 0.1.0.32
InternalName: download
LegalCopyright: Copyright (C) 2015 Yandex LLC
OriginalFilename: WebDownloader.exe
ProductName: Setup Downloader
ProductVersion: 0.1.0.32

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000108

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 6
Time date stamp: 11-Dec-2018 06:24:12
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00024D1C
0x00024E00
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.63719
.rdata
0x00026000
0x00009BD4
0x00009C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.96753
.data
0x00030000
0x0000360C
0x00000C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.64313
.gfids
0x00034000
0x00000134
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
2.42235
.rsrc
0x00035000
0x000067E8
0x00006800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.1595
.reloc
0x0003C000
0x00001A18
0x00001C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
6.41306

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.31879
1235
UNKNOWN
English - United States
RT_MANIFEST
2
1.53973
9832
UNKNOWN
Russian - Russia
RT_ICON
3
1.54324
4392
UNKNOWN
Russian - Russia
RT_ICON
4
1.70751
2488
UNKNOWN
Russian - Russia
RT_ICON
5
1.78405
1128
UNKNOWN
Russian - Russia
RT_ICON
107
2.81633
76
UNKNOWN
Russian - Russia
RT_GROUP_ICON

Imports

ADVAPI32.dll
KERNEL32.dll
OLEAUT32.dll
SHELL32.dll
Secur32.dll
USER32.dll
VERSION.dll
WINTRUST.dll
WS2_32.dll
WTSAPI32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
14
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start yandexpackloader.exe yandexpacksetup.exe yandexpackloader.exe no specs msiexec.exe no specs msiexec.exe no specs lite_installer.exe no specs seederexe.exe no specs yandex.exe no specs explorer.exe no specs yandex.exe no specs explorer.exe no specs sender.exe no specs {33cf3a51-9227-4ac0-9e69-968f0d03b750}.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1440C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinningC:\Users\admin\AppData\Local\Temp\pin\explorer.exeYandex.exe
User:
admin
Integrity Level:
MEDIUM
Description:
YandexPin
Exit code:
0
Version:
3.7.9.0
2160"C:\Users\admin\AppData\Local\Temp\6D30FD3B-7C6B-4A17-808F-5181242DDB1B\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSERC:\Users\admin\AppData\Local\Temp\6D30FD3B-7C6B-4A17-808F-5181242DDB1B\lite_installer.exemsiexec.exe
User:
admin
Company:
Yandex
Integrity Level:
MEDIUM
Description:
YandexBrowserDownloader
Exit code:
0
Version:
1.0.1.88
3260"C:\Users\admin\AppData\Local\Temp\C1A8B3FD-237C-4260-95C5-2701DB1BEB58\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\admin\AppData\Local\Temp\DB3738DC-8C03-4B76-A8A8-B581FF5FF5E4\sender.exe" "--is_elevated=no" "--ui_level=3" "--good_token=x" "--no_opera=n"C:\Users\admin\AppData\Local\Temp\C1A8B3FD-237C-4260-95C5-2701DB1BEB58\seederexe.exemsiexec.exe
User:
admin
Company:
Yandex
Integrity Level:
MEDIUM
Description:
Browser Integration Module
Exit code:
0
Version:
3.7.10.0
3900C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /website-path="C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Taskbar\Яндекс Маркет.website" /icon-path="C:\Users\admin\AppData\Local\MICROS~1\INTERN~1\Services\MARKET~1.ICO" /site-id="2AE68B04.8A85F169"C:\Users\admin\AppData\Local\Yandex\YaPin\Yandex.exeseederexe.exe
User:
admin
Integrity Level:
MEDIUM
Description:
YandexPin
Exit code:
0
Version:
3.7.9.0
4048C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
4100"C:\Users\admin\AppData\Local\Temp\YandexPackLoader.exe" C:\Users\admin\AppData\Local\Temp\YandexPackLoader.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup Downloader
Exit code:
0
Version:
0.1.0.32
Modules
Images
c:\users\admin\appdata\local\temp\yandexpackloader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4460C:\Users\admin\AppData\Local\Temp\YandexPackLoader.exe --stat dwnldr/p=70510/cnt=0/dt=7/ct=1/rt=0 --dh 2392 --st 1682538112C:\Users\admin\AppData\Local\Temp\YandexPackLoader.exeYandexPackLoader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup Downloader
Exit code:
0
Version:
0.1.0.32
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\yandexpackloader.exe
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
4688C:\Users\admin\AppData\Local\Temp\DB3738DC-8C03-4B76-A8A8-B581FF5FF5E4\sender.exe --send "/status.xml?clid=2598005-830&uuid=82813a06-e6c8-4487-9802-8964760c89bb&vnt=Windows 10x64&file-no=8%0A10%0A11%0A12%0A13%0A15%0A16%0A17%0A18%0A20%0A21%0A22%0A25%0A28%0A36%0A38%0A40%0A42%0A43%0A54%0A58%0A59%0A89%0A102%0A103%0A123%0A124%0A125%0A129%0A"C:\Users\admin\AppData\Local\Temp\DB3738DC-8C03-4B76-A8A8-B581FF5FF5E4\sender.exeseederexe.exe
User:
admin
Company:
Yandex
Integrity Level:
MEDIUM
Description:
Yandex Statistics
Exit code:
0
Version:
0.0.2.14
5032"C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=830 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "C:\Users\admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
YandexPackLoader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Software Installer
Exit code:
0
Version:
3.0.5419.0
Modules
Images
c:\users\admin\appdata\local\temp\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll
5764C:\Windows\syswow64\MsiExec.exe -Embedding AD46E15D40C580E3EC0EDBC458A7D581C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Total events
6 857
Read events
6 837
Write events
20
Delete events
0

Modification events

(PID) Process:(4100) YandexPackLoader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(4100) YandexPackLoader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(4100) YandexPackLoader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(4100) YandexPackLoader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(4100) YandexPackLoader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4100) YandexPackLoader.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
0
Suspicious files
3
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
5032YandexPackSetup.exeC:\Users\admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
MD5:
SHA256:
4048msiexec.exeC:\WINDOWS\Installer\43fa96.msi
MD5:
SHA256:
3260seederexe.exeC:\Users\admin\AppData\Local\Temp\omnija-20234126.zip
MD5:
SHA256:
3260seederexe.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\places.sqlite-20230426194154.463000.backup
MD5:
SHA256:
3260seederexe.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\places.sqlite
MD5:
SHA256:
3260seederexe.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
MD5:
SHA256:
6616{33CF3A51-9227-4AC0-9E69-968F0D03B750}.exeC:\Users\admin\AppData\Local\Temp\website.ico
MD5:
SHA256:
3260seederexe.exeC:\Users\admin\Favorites\Links\Яндекс Маркет.urltext
MD5:F78AF4FC89D626CD2B50AB347A5FA7D3
SHA256:0FA60EED1CDAD98E7FE0E5B7693775F858B042576EBE69764CF496A4C3B5C6CE
4100YandexPackLoader.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\info[1].rssxml
MD5:1624F4A1E637E4A958CA214764AD4D02
SHA256:69E56887CAF622CDA9BA6380BFC46BC08BA2E80361D9B087B79BF12D40B07F75
3260seederexe.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journalbinary
MD5:671CA997B85748599AD5E7F3F8EF9866
SHA256:0528CE21EEB3F991A4E617F6381C448B959563381ADF30B45DBF1136533A63DE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
64
DNS requests
22
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4100
YandexPackLoader.exe
GET
302
5.45.205.245:80
http://downloader.yandex.net/yandex-pack/downloader/info.rss
RU
whitelisted
4100
YandexPackLoader.exe
GET
302
5.45.205.241:80
http://download.yandex.ru/yandex-pack/downloader/info.rss
RU
whitelisted
4100
YandexPackLoader.exe
GET
302
5.45.205.245:80
http://downloader.yandex.net/yandex-pack/70510/YandexPackSetup.exe
RU
whitelisted
GET
302
5.45.205.244:80
http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2597987-830&ui={82813a06-e6c8-4487-9802-8964760c89bb}
RU
whitelisted
5952
MoUsoCoreWorker.exe
GET
200
2.21.20.137:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
binary
1.11 Kb
whitelisted
GET
200
87.250.251.14:80
http://clck.yandex.ru/click/dtype=stred/pid=198/cid=73002/path=0.winapi_download/ui=%7B82813a06-e6c8-4487-9802-8964760c89bb%7D/clid1=2597987-830/dt=0/ds=0/bits=7_8_19041_1266/bver=0_0_0_0/prod_version=1_0_1_88/result=ok/*
RU
image
43 b
whitelisted
4100
YandexPackLoader.exe
GET
200
185.70.202.15:80
http://ext-cachev2-itt03.cdn.yandex.net/downloader.yandex.net/yandex-pack/70510/YandexPackSetup.exe?lid=1529
IT
executable
10.1 Mb
whitelisted
GET
200
149.5.241.43:80
http://ext-cachev2-cogent03.cdn.yandex.net/downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2597987-830&ui={82813a06-e6c8-4487-9802-8964760c89bb}&lid=1503
US
executable
3.12 Mb
shared
4100
YandexPackLoader.exe
GET
200
149.5.241.41:80
http://ext-cachev2-cogent01.cdn.yandex.net/download.yandex.ru/yandex-pack/downloader/info.rss?lid=1503
US
xml
267 b
whitelisted
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D
US
binary
1.41 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5952
MoUsoCoreWorker.exe
2.21.20.133:80
Akamai International B.V.
DE
suspicious
4100
YandexPackLoader.exe
5.45.205.244:80
downloader.yandex.net
YANDEX LLC
RU
whitelisted
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4736
SearchApp.exe
2.16.186.203:443
Akamai International B.V.
DE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.18.233.62:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5756
svchost.exe
20.190.160.17:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4100
YandexPackLoader.exe
5.45.205.245:80
downloader.yandex.net
YANDEX LLC
RU
whitelisted
4100
YandexPackLoader.exe
149.5.241.41:80
ext-cachev2-cogent01.cdn.yandex.net
COGENT-174
FR
malicious
6388
SIHClient.exe
2.18.233.62:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
downloader.yandex.net
  • 5.45.205.244
  • 5.45.205.245
  • 5.45.205.241
  • 5.45.205.242
  • 5.45.205.243
whitelisted
officeclient.microsoft.com
  • 52.109.52.148
whitelisted
www.microsoft.com
  • 2.18.233.62
  • 88.221.169.152
whitelisted
ext-cachev2-cogent01.cdn.yandex.net
  • 149.5.241.41
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
nexusrules.officeapps.live.com
  • 52.109.77.1
whitelisted
login.live.com
  • 40.126.32.68
  • 20.190.160.17
  • 20.190.160.22
  • 20.190.160.20
  • 40.126.32.76
  • 40.126.32.74
  • 20.190.160.14
  • 40.126.32.136
whitelisted
download.yandex.ru
  • 5.45.205.241
  • 5.45.205.242
  • 5.45.205.243
  • 5.45.205.244
  • 5.45.205.245
whitelisted
ext-cachev2-itt03.cdn.yandex.net
whitelisted
ocsp.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Attempted Information Leak
ET POLICY curl User-Agent Outbound
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Attached HTTP
2 ETPRO signatures available at the full report
Process
Message
YandexPackSetup.exe
IsAlreadyRun() In
YandexPackSetup.exe
IsAlreadyRun() In
YandexPackSetup.exe
IsAlreadyRun() Out : ret (BOOL) = 0
YandexPackSetup.exe
IsMSISrvFree() In
YandexPackSetup.exe
IsMSISrvFree() : OpenMutex() err ret = 2
YandexPackSetup.exe
IsMSISrvFree() Out ret = 1
YandexPackSetup.exe
IsAlreadyRun() Out : ret (BOOL) = 0
YandexPackSetup.exe
IsMSISrvFree() In
YandexPackSetup.exe
IsMSISrvFree() : OpenMutex() err ret = 2
YandexPackSetup.exe
IsMSISrvFree() Out ret = 1
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
YandexPackLoader.exe