File name: | Yandex.exe |
---|---|
Full analysis: | https://app.any.run/tasks/7ef7ceb6-6833-4004-8442-031eb2d18e0f |
Verdict: | Malicious activity |
Analysis date: | April 14, 2019, 20:16:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 3D611D16FEA99AA0FA56085485C9CB5D |
SHA1: | 1AD7488ECAADA764E84AB1CA3D53AF75A435967E |
SHA256: | DD3EA602199F490A179170816A29B21727671887C114A46669CDE01EB49089E0 |
SSDEEP: | 24576:eW1+qGEUnBUBmEuHr+QDodTJvTAaFaiH6:H8BJ+iod1vTCd |
Extension | Type |
---|---|
.exe | Generic Win/DOS Executable (50) |
.exe | DOS Executable Generic (49.9) |
OfficialBuild: | 1 |
---|---|
LastChange: | f291cd76ba21f855939afee43aa27aaa2ca3fde1 |
ProductShortName: | Yandex Installer |
CompanyShortName: | YANDEX LLC |
ProductYandexVersion: | 19.3.2.177 |
ProductChromiumVersion: | 72.0.3626.121 |
ProductVersion: | 19.3.2.177 |
ProductName: | Yandex |
LegalCopyright: | Copyright (c) 2012-2018 YANDEX LLC. All Rights Reserved. |
InternalName: | lite_installer |
FileVersion: | 19.3.2.177 |
FileDescription: | Yandex |
CompanyName: | YANDEX LLC |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0017 |
ProductVersionNumber: | 19.3.2.177 |
FileVersionNumber: | 19.3.2.177 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x3eca0 |
UninitializedDataSize: | - |
InitializedDataSize: | 475648 |
CodeSize: | 384512 |
LinkerVersion: | 14 |
PEType: | PE32 |
TimeStamp: | 2019:04:08 07:00:00+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 08-Apr-2019 05:00:00 |
Detected languages: | |
Debug artifacts: | |
CompanyName: | YANDEX LLC |
FileDescription: | Yandex |
FileVersion: | 19.3.2.177 |
InternalName: | lite_installer |
LegalCopyright: | Copyright (c) 2012-2018 YANDEX LLC. All Rights Reserved. |
ProductName: | Yandex |
ProductVersion: | 19.3.2.177 |
ProductChromiumVersion: | 72.0.3626.121 |
ProductYandexVersion: | 19.3.2.177 |
CompanyShortName: | YANDEX LLC |
ProductShortName: | Yandex Installer |
LastChange: | f291cd76ba21f855939afee43aa27aaa2ca3fde1 |
Official Build: | 1 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0078 |
Pages in file: | 0x0001 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0x0000 |
Initial SS value: | 0x0000 |
Initial SP value: | 0x0000 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000078 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 9 |
Time date stamp: | 08-Apr-2019 05:00:00 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0005DD70 | 0x0005DE00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.6467 |
.rdata | 0x0005F000 | 0x00017E0C | 0x00018000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.12611 |
.data | 0x00077000 | 0x0000239C | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.89452 |
.00cfg | 0x0007A000 | 0x00000004 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0611629 |
.tls | 0x0007B000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0203931 |
SHARED | 0x0007C000 | 0x00000004 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_WRITE | 0 |
Shared | 0x0007D000 | 0x00001052 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x0007F000 | 0x000554AC | 0x00055600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.30894 |
.reloc | 0x000D5000 | 0x00003FC8 | 0x00004000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.69778 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.1744 | 2002 | Latin 1 / Western European | English - United States | RT_MANIFEST |
2 | 4.44702 | 9832 | Latin 1 / Western European | UNKNOWN | RT_ICON |
3 | 4.58339 | 4392 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4 | 4.56164 | 2488 | Latin 1 / Western European | UNKNOWN | RT_ICON |
5 | 4.80269 | 1128 | Latin 1 / Western European | UNKNOWN | RT_ICON |
26 | 3.34409 | 1120 | Latin 1 / Western European | Spanish - Spain (International sort) | RT_STRING |
27 | 3.2921 | 1658 | Latin 1 / Western European | Spanish - Spain (International sort) | RT_STRING |
28 | 3.21322 | 672 | Latin 1 / Western European | Spanish - Spain (International sort) | RT_STRING |
128 | 2.68263 | 76 | Latin 1 / Western European | UNKNOWN | RT_GROUP_ICON |
129 | 2.07664 | 406 | Latin 1 / Western European | UNKNOWN | RT_DIALOG |
Imports |
---|
GDI32.dll (delay-loaded) |
KERNEL32.dll |
WINHTTP.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3072 | "C:\Users\admin\AppData\Local\Temp\Yandex.exe" | C:\Users\admin\AppData\Local\Temp\Yandex.exe | — | explorer.exe |
User: admin; Company: YANDEX LLC; Integrity Level: MEDIUM; Description: Yandex; Exit code: 400; Version: 19.3.2.177 | | | | |
3904 | "C:\Users\admin\AppData\Local\Temp\3072_29363\Yandex.exe" --spawned_in_protected_dir | C:\Users\admin\AppData\Local\Temp\3072_29363\Yandex.exe | — | Yandex.exe |
User: admin; Company: YANDEX LLC; Integrity Level: MEDIUM; Description: Yandex; Exit code: 400; Version: 19.3.2.177 | | | | |
2976 | "C:\Users\admin\AppData\Local\Temp\3072_29363\Yandex.exe" --parent-installer-process-id=3904 --run-as-admin --setup-cmd-line="fake_browser_arc --brand-name=int --make-browser-default-after-import --ok-button-pressed-time=1248114257 --progress-window=196912 --send-statistics --spawned_in_protected_dir --verbose-logging" --spawned_in_protected_dir | C:\Users\admin\AppData\Local\Temp\3072_29363\Yandex.exe | — | Yandex.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 0; Version: 19.3.2.177 | | | | |
4084 | "C:\Users\admin\AppData\Local\Temp\ybFE0F.tmp" --brand-name=int --brand-package="C:\Users\admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\admin\AppData\Local\Temp\clids_searchband.xml" --installerdata="C:\Users\admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=1248114257 --progress-window=196912 --send-statistics --source=lite --spawned_in_protected_dir --verbose-logging --yandex-website-icon-file="C:\Users\admin\AppData\Local\Temp\website.ico" | C:\Users\admin\AppData\Local\Temp\ybFE0F.tmp | — | Yandex.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex Installer; Exit code: 1; Version: 19.3.2.177 | | | | |
2264 | "C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\SEARCHBAND.EXE" --brand-name=int --brand-package="C:\Users\admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\admin\AppData\Local\Temp\clids_searchband.xml" --installerdata="C:\Users\admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=1248114257 --progress-window=196912 --send-statistics --source=lite --spawned_in_protected_dir --verbose-logging --yandex-website-icon-file="C:\Users\admin\AppData\Local\Temp\website.ico" | C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\setup.exe | — | ybFE0F.tmp |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 1; Version: 19.3.2.177 | | | | |
1532 | "C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\SEARCHBAND.EXE" --brand-name=int --brand-package="C:\Users\admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\admin\AppData\Local\Temp\clids_searchband.xml" --installerdata="C:\Users\admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=1248114257 --progress-window=196912 --send-statistics --source=lite --spawned_in_protected_dir --verbose-logging --yandex-website-icon-file="C:\Users\admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=1312348632 | C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\setup.exe | — | setup.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 1; Version: 19.3.2.177 | | | | |
3352 | C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=5f735395d68db0638bd0a2a58101e17a --annotation=main_process_pid=1532 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=19.3.2.177 --initial-client-data=0xfc,0x104,0x108,0xf8,0x10c,0x15c9b00,0x15c9b10,0x15c9b1c,0x100 | C:\Users\admin\AppData\Local\Temp\YB_04051.tmp\setup.exe | — | setup.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 0; Version: 19.3.2.177 | | | | |
3604 | "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\19.3.2.177\service_update.exe" --setup | C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\19.3.2.177\service_update.exe | — | setup.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 0; Version: 19.3.2.177 | | | | |
2744 | "C:\Users\admin\AppData\Local\Temp\3604_15800\service_update.exe" --setup --spawned_in_protected_dir | C:\Users\admin\AppData\Local\Temp\3604_15800\service_update.exe | — | service_update.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 0; Version: 19.3.2.177 | | | | |
2896 | "C:\Program Files\Yandex\YandexBrowser\19.3.2.177\service_update.exe" --install | C:\Program Files\Yandex\YandexBrowser\19.3.2.177\service_update.exe | — | service_update.exe |
User: admin; Company: YANDEX LLC; Integrity Level: HIGH; Description: Yandex; Exit code: 0; Version: 19.3.2.177 | | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\BrandFile | compressed | 103E26B20070A3978AE11E489B391997 | 82FC4A4A69FF708953B1A4325DD18A546B289767C71B6FBA4915E5247A516247 |
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\lite_installer.log | text | EFB6E6F960D016F6C75DABDE6E641714 | 53CA373EF7EFB1BB813390533577E50D82D69066CE171FAECC161A44B6F176FB |
3072 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\3072_29363\Yandex.exe | executable | 3D611D16FEA99AA0FA56085485C9CB5D | DD3EA602199F490A179170816A29B21727671887C114A46669CDE01EB49089E0 |
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\master_preferences | text | 47AE429198ABC91BB9501F0E3B596625 | 7A1F703E41F815ACDD0F930AC4E755135F53ACC129D1E7A0D914D4AA8201A798 |
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\02[1].jpg | image | 80474334D8C8103694B74210202AF262 | FFF8173813D6DCE75D102EA6DCCA7E0A5E165A3114AD3FCAEEE746FFDA7D6F48 |
3904 | Yandex.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@yandex[1].txt | text | 74D2E82C0D9EC008B3A686B736B0552C | 5E65F863EC6FF12EE65E77D63FDF9063E4E976EE9C6A653208DCBEC5158A21F8 |
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\04[1].jpg | image | D6268A028829299CAD44A37B14B31684 | 2DECCB5FD27800F419AA29988C907B412A365028A1D51385271469353CA0310C |
2976 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\lite_installer.log | text | 36C881BAC9F218BD055658CD3ACE3CA2 | 0D1AEEB0BE51C813E489A32A1DED29E4119245B4A90C96FAADB1CC6650B48DEC |
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\clids_searchband.xml | xml | 9D7D2462B3692AC270E7107848AF69C7 | 208359DE854C2CE535F416D5524EBDA939E4B8E44DE350E9ED57E846BEC65CEF |
3904 | Yandex.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\03[1].jpg | image | 4B2D4EDF92463442F1F3E4F84971BF7E | 8E35E26C8F5B714B4CD319878150782DE715CE34FF0A5219354D71C5F5EE788D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3904 | Yandex.exe | GET | 200 | 104.18.21.226:80 | http://crl.globalsign.com/gs/gstimestampingg2.crl | US | der | 905 b | whitelisted |
3904 | Yandex.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/gscodesigng3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTHTu2Y6Nr%2FMkfa3PrlxnwonnIpxQQUs9Pm1XFWfTlYs3jSK7j3oR%2F9S5sCDGUxOJI7m%2BYpSWV%2FXQ%3D%3D | US | der | 1.50 Kb | whitelisted |
3044 | service_update.exe | GET | 200 | 104.18.20.226:80 | http://crl.globalsign.net/root.crl | US | der | 782 b | whitelisted |
3904 | Yandex.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkfDD%2F78IrsoD5b%2Bp1JR | US | der | 1.49 Kb | whitelisted |
3904 | Yandex.exe | GET | 200 | 104.18.20.226:80 | http://crl.globalsign.net/root.crl | US | der | 782 b | whitelisted |
3044 | service_update.exe | GET | 200 | 104.18.20.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkfDD%2F78IrsoD5b%2Bp1JR | US | der | 1.49 Kb | whitelisted |
2972 | service_update.exe | GET | 200 | 151.139.236.246:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQCTkoVAAWVxX5R%2FKI%2FvyZso | US | der | 1.62 Kb | whitelisted |
3044 | service_update.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/gscodesigng3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTHTu2Y6Nr%2FMkfa3PrlxnwonnIpxQQUs9Pm1XFWfTlYs3jSK7j3oR%2F9S5sCDGUxOJI7m%2BYpSWV%2FXQ%3D%3D | US | der | 1.50 Kb | whitelisted |
2972 | service_update.exe | GET | 200 | 151.139.236.246:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkBUeDDgxkUpdvejVJwN1I | US | der | 1.66 Kb | whitelisted |
3044 | service_update.exe | GET | 200 | 104.18.21.226:80 | http://crl.globalsign.com/gs/gstimestampingg2.crl | US | der | 905 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3904 | Yandex.exe | 93.158.134.82:443 | api.browser.yandex.ru | YANDEX LLC | RU | unknown |
3904 | Yandex.exe | 87.250.250.221:443 | cache-default99v.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 37.140.166.229:443 | cache-default05h.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 213.180.193.14:443 | clck.yandex.ru | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 37.140.166.230:443 | cache-default06h.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 37.140.166.227:443 | cache-default03h.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 5.45.205.245:443 | download.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 37.140.166.226:443 | cache-default02h.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 37.140.166.228:443 | cache-default04h.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
3904 | Yandex.exe | 37.140.166.225:443 | cache-default01h.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
Domain | IP | Reputation |
---|---|---|
download.cdn.yandex.net | | whitelisted |
api.browser.yandex.ru | | whitelisted |
cache-default99v.cdn.yandex.net | | whitelisted |
clck.yandex.ru | | whitelisted |
cache-default06h.cdn.yandex.net | | whitelisted |
cache-default02h.cdn.yandex.net | | whitelisted |
cache-default03h.cdn.yandex.net | | whitelisted |
cache-default05h.cdn.yandex.net | | whitelisted |
cache-default04h.cdn.yandex.net | | whitelisted |
cache-default99i.cdn.yandex.net | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3904 | Yandex.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
Process | Message |
---|---|
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |
clidmgr.exe | GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000 |
clidmgr.exe | GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000 |
clidmgr.exe | GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1 |
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |
clidmgr.exe | GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin |
clidmgr.exe | GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000 |
clidmgr.exe | GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1 |
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |