Field | Value |
---|---|
File name | Yandex.exe |
Full analysis | https://app.any.run/tasks/389fb04d-01c4-458b-9c46-5e3c41a7cba3 |
Verdict | Malicious activity |
Analysis date | October 20, 2020, 03:28:29 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME | application/x-dosexec |
File info | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | D5270D5FABF01E912CCA740398716D32 |
SHA1 | E8F2A988AE9D0C093E10942E3025B3DDACE470E6 |
SHA256 | F4252FF60CCF2519F48803C0B29FED6BCDC89B7473CB9D4F8986DD8204FED488 |
SSDEEP | 49152:Kw0UHgKGYkxDFVDT4ryX9DdW+bZkAJDgQxYB0TqBu4FisGH4rW51UryiySLA5A:Kpb5X9DdWyZJBgQxcg+5maMWuiymA5 |
Extension | Detected type |
---|---|
.exe | Generic Win/DOS Executable (50) |
.exe | DOS Executable Generic (49.9) |
Field | Value |
---|---|
OfficialBuild | 1 |
LastChange | 93e1663902ab082626206d904205e340531558a0 |
ProductShortName | Yandex Installer |
CompanyShortName | YANDEX LLC |
ProductYandexVersion | 20.9.1.68 |
ProductChromiumVersion | 85.0.4183.102 |
ProductVersion | 20.9.1.68 |
ProductName | Yandex |
LegalCopyright | Copyright (c) 2012-2020 YANDEX LLC. All Rights Reserved. |
InternalName | lite_installer |
FileVersion | 20.9.1.68 |
FileDescription | Yandex |
CompanyName | YANDEX LLC |
CharacterSet | Unicode |
LanguageCode | English (U.S.) |
FileSubtype | - |
ObjectFileType | Executable application |
FileOS | Win32 |
FileFlags | (none) |
FileFlagsMask | 0x0017 |
ProductVersionNumber | 20.9.1.68 |
FileVersionNumber | 20.9.1.68 |
Subsystem | Windows GUI |
SubsystemVersion | 5.1 |
ImageVersion | - |
OSVersion | 5.1 |
EntryPoint | 0xb1420 |
UninitializedDataSize | - |
InitializedDataSize | 1424384 |
CodeSize | 886272 |
LinkerVersion | 14 |
PEType | PE32 |
TimeStamp | 2020:09:24 16:19:10+02:00 |
MachineType | Intel 386 or later, and compatibles |
Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 24-Sep-2020 14:19:10 |
Detected languages | |
TLS Callbacks | 2 callback(s) detected. |
Debug artifacts | |
CompanyName | YANDEX LLC |
FileDescription | Yandex |
FileVersion | 20.9.1.68 |
InternalName | lite_installer |
LegalCopyright | Copyright (c) 2012-2020 YANDEX LLC. All Rights Reserved. |
ProductName | Yandex |
ProductVersion | 20.9.1.68 |
ProductChromiumVersion | 85.0.4183.102 |
ProductYandexVersion | 20.9.1.68 |
CompanyShortName | YANDEX LLC |
ProductShortName | Yandex Installer |
LastChange | 93e1663902ab082626206d904205e340531558a0 |
Official Build | 1 |
DOS header field | Value |
---|---|
Magic number | MZ |
Bytes on last page of file | 0x0078 |
Pages in file | 0x0001 |
Relocations | 0x0000 |
Size of header | 0x0004 |
Min extra paragraphs | 0x0000 |
Max extra paragraphs | 0x0000 |
Initial SS value | 0x0000 |
Initial SP value | 0x0000 |
Checksum | 0x0000 |
Initial IP value | 0x0000 |
Initial CS value | 0x0000 |
Overlay number | 0x0000 |
OEM identifier | 0x0000 |
OEM information | 0x0000 |
Address of NE header | 0x00000078 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
Number of sections | 10 |
Time date stamp | 24-Sep-2020 14:19:10 |
Pointer to Symbol Table | 0x00000000 |
Number of symbols | 0 |
Size of Optional Header | 0x00E0 |
Characteristics | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000D8452 | 0x000D8600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.66129 |
.rdata | 0x000DA000 | 0x00024B78 | 0x00024C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.76514 |
.data | 0x000FF000 | 0x00005D58 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.56803 |
.00cfg | 0x00105000 | 0x00000004 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0611629 |
.tls | 0x00106000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0203931 |
.voltbl | 0x00107000 | 0x00000134 | 0x00000200 | | 4.58776 |
SHARED | 0x00108000 | 0x00000004 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_WRITE | 0 |
Shared | 0x00109000 | 0x000010D6 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x0010B000 | 0x0012A3A8 | 0x0012A400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.93346 |
.reloc | 0x00236000 | 0x00008218 | 0x00008400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.64825 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.1744 | 2002 | Latin 1 / Western European | English - United States | RT_MANIFEST |
2 | 4.44702 | 9832 | Latin 1 / Western European | UNKNOWN | RT_ICON |
3 | 4.58339 | 4392 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4 | 4.56164 | 2488 | Latin 1 / Western European | UNKNOWN | RT_ICON |
5 | 4.80269 | 1128 | Latin 1 / Western European | UNKNOWN | RT_ICON |
26 | 3.34409 | 1120 | Latin 1 / Western European | Spanish - Spain (International sort) | RT_STRING |
27 | 3.2921 | 1658 | Latin 1 / Western European | Spanish - Spain (International sort) | RT_STRING |
28 | 3.21322 | 672 | Latin 1 / Western European | Spanish - Spain (International sort) | RT_STRING |
128 | 2.68263 | 76 | Latin 1 / Western European | UNKNOWN | RT_GROUP_ICON |
129 | 2.11614 | 406 | Latin 1 / Western European | UNKNOWN | RT_DIALOG |
Imported library |
---|
ADVAPI32.dll (delay-loaded) |
KERNEL32.dll |
Title | Ordinal | Address |
---|---|---|
0 | 0x00000000 | |
GetHandleVerifier | 1 | 0x0007F260 |
PID | CMD | Path | Parent process | User | Company | Integrity Level | Description | Exit code | Version |
---|---|---|---|---|---|---|---|---|---|
2516 | "C:\Users\admin\AppData\Local\Temp\Yandex.exe" | C:\Users\admin\AppData\Local\Temp\Yandex.exe | explorer.exe | admin | YANDEX LLC | MEDIUM | Yandex | | 20.9.1.68 |
3256 | "C:\Users\admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=2516 --run-as-admin --setup-cmd-line="fake_browser_arc --brand-name=int --distr-info-file=\"C:\Users\admin\AppData\Local\Temp\distrib_info\" --distribution-channel=beta --ok-button-pressed-time=2985191406 --progress-window=786734 --variations-update-path=\"C:\Users\admin\AppData\Local\Temp\51b9c59a-c387-4b28-90fb-2aa96bd2ac80.tmp\" --verbose-logging" | C:\Users\admin\AppData\Local\Temp\Yandex.exe | Yandex.exe | admin | YANDEX LLC | HIGH | Yandex | | 20.9.1.68 |
3376 | "C:\Users\admin\AppData\Local\Temp\yb43B5.tmp" --brand-name=int --brand-package="C:\Users\admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\admin\AppData\Local\Temp\distrib_info" --distribution-channel=beta --histogram-download-time=92 --install-start-time-no-uac=2986097656 --installerdata="C:\Users\admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=2985191406 --partner-package="C:\Users\admin\AppData\Local\Temp\PartnerFile" --progress-window=786734 --source=lite --variations-update-path="C:\Users\admin\AppData\Local\Temp\51b9c59a-c387-4b28-90fb-2aa96bd2ac80.tmp" --verbose-logging | C:\Users\admin\AppData\Local\Temp\yb43B5.tmp | Yandex.exe | admin | YANDEX LLC | HIGH | Yandex Installer | | 20.9.1.68 |
1176 | "C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\SEARCHBAND.EXE" --brand-name=int --brand-package="C:\Users\admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\admin\AppData\Local\Temp\distrib_info" --distribution-channel=beta --histogram-download-time=92 --install-start-time-no-uac=2986097656 --installerdata="C:\Users\admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=2985191406 --partner-package="C:\Users\admin\AppData\Local\Temp\PartnerFile" --progress-window=786734 --source=lite --variations-update-path="C:\Users\admin\AppData\Local\Temp\51b9c59a-c387-4b28-90fb-2aa96bd2ac80.tmp" --verbose-logging | C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\setup.exe | yb43B5.tmp | admin | YANDEX LLC | HIGH | Yandex | 1 | 20.9.1.68 |
2532 | "C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\SEARCHBAND.EXE" --brand-name=int --brand-package="C:\Users\admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\admin\AppData\Local\Temp\distrib_info" --distribution-channel=beta --histogram-download-time=92 --install-start-time-no-uac=2986097656 --installerdata="C:\Users\admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=2985191406 --partner-package="C:\Users\admin\AppData\Local\Temp\PartnerFile" --progress-window=786734 --source=lite --variations-update-path="C:\Users\admin\AppData\Local\Temp\51b9c59a-c387-4b28-90fb-2aa96bd2ac80.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=3060628906 | C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\setup.exe | setup.exe | admin | YANDEX LLC | HIGH | Yandex | 1 | 20.9.1.68 |
2604 | C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=channel=beta --annotation=machine_id=5f735395d68db0638bd0a2a58101e17a --annotation=main_process_pid=2532 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=20.9.1.68 --initial-client-data=0x194,0x198,0x19c,0x168,0x1a0,0xf564f0,0xf56500,0xf5650c | C:\Users\admin\AppData\Local\Temp\YB_30B32.tmp\setup.exe | setup.exe | admin | YANDEX LLC | HIGH | Yandex | 0 | 20.9.1.68 |
540 | "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\20.9.1.68\service_update.exe" --setup | C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\20.9.1.68\service_update.exe | setup.exe | admin | YANDEX LLC | HIGH | Yandex | 0 | 20.9.1.68 |
1752 | "C:\Program Files\Yandex\YandexBrowser\20.9.1.68\service_update.exe" --install | C:\Program Files\Yandex\YandexBrowser\20.9.1.68\service_update.exe | service_update.exe | admin | YANDEX LLC | HIGH | Yandex | 0 | 20.9.1.68 |
2028 | "C:\Program Files\Yandex\YandexBrowser\20.9.1.68\service_update.exe" --run-as-service | C:\Program Files\Yandex\YandexBrowser\20.9.1.68\service_update.exe | services.exe | SYSTEM | YANDEX LLC | SYSTEM | Yandex | | 20.9.1.68 |
2896 | "C:\Program Files\Yandex\YandexBrowser\20.9.1.68\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=channel=beta --annotation=machine_id=5f735395d68db0638bd0a2a58101e17a --annotation=main_process_pid=2028 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=20.9.1.68 --initial-client-data=0x110,0x114,0x118,0xe4,0x11c,0x10732b0,0x10732c0,0x10732cc | C:\Program Files\Yandex\YandexBrowser\20.9.1.68\service_update.exe | service_update.exe | SYSTEM | YANDEX LLC | SYSTEM | Yandex | | 20.9.1.68 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2516 | Yandex.exe | C:\Users\admin\AppData\Roaming\Yandex\ui | text | CC2F00A3AE71476E8312A1AAFBE9D34B | BB9F46131FB1710DB357E851A56D1706F277009092470DB5D0E97FBE30C877DD |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\distrib_info | text | 864BBA3C181EE71A2531CAB6A4AF1535 | 5316635A1383C8816C94A31102C840AC1A059CA29CC2E68C8AA15C230D56B467 |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\PartnerFile | compressed | 636583321FD6FF0669721F637E7C4C0A | 3150489B4456275988002CBDC24FDED292765BACF8568ABE23FEBADFBBCA7A73 |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\lite_installer.log | text | 33797AF96DF7895D1ABF95D9C1F2AF37 | 506EE27E99CD143AF6A9F11BB2AE7825CD6107E8DFC7FBBBDAE9B949650FF10B |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\BrandFile | compressed | D03A39EDDA9D967CDA3079FF8D73E516 | F8E00410F3392A562E5ADCF9C4A32C460A3B6F68AF761E656121187FC6DD51B1 |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\website.ico | — | — | — |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\Cab4C80.tmp | — | — | — |
2516 | Yandex.exe | C:\Users\admin\AppData\Local\Temp\Tar4C81.tmp | — | — | — |
2516 | Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\68FAF71AF355126BCA00CE2E73CC7374_77B682CF3AAC7B00161DFFF7DEA4CC8C | der | F819CC47E87D48C6F88659985AEB975D | 1CE69E13E8AE4F48144FA17DF96868E9F5FF64033AF851A73FD065BD5EC38C87 |
2516 | Yandex.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\68FAF71AF355126BCA00CE2E73CC7374_77B682CF3AAC7B00161DFFF7DEA4CC8C | binary | A9C7E21D4A2C5607B527910D66A3E6BE | 3ED4777B2466B979222A871A7362B219E498034DAD807E79C8134E17DDE9B646 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2516 | Yandex.exe | GET | 200 | 5.45.205.243:80 | http://yandex.ocsp-responder.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBStniMGfahyWUWDEeSLUFbNR9JLAgQUN1zjGeCyjqGoTtLPq9Dc4wtcNU0CEDPsoYYqql5ITGW13mI%2FVzY%3D | RU | der | 1.48 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 151.139.236.246:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQCTkoVAAWVxX5R%2FKI%2FvyZso | US | der | 1.58 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 5.45.205.243:80 | http://yandex.ocsp-responder.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBStniMGfahyWUWDEeSLUFbNR9JLAgQUN1zjGeCyjqGoTtLPq9Dc4wtcNU0CEDNM55%2BDg81RdfcQe7CLguA%3D | RU | der | 1.48 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 151.139.236.246:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkBUeDDgxkUpdvejVJwN1I | US | der | 1.63 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 104.18.21.226:80 | http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkfDD%2F78IrsoD5b%2Bp1JR | US | der | 1.49 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/gscodesigng3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTHTu2Y6Nr%2FMkfa3PrlxnwonnIpxQQUs9Pm1XFWfTlYs3jSK7j3oR%2F9S5sCDCuytRimSukjpAszfw%3D%3D | US | der | 1.50 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAb9%2BQOWA63qAArrPye7uhs%3D | US | der | 471 b | whitelisted |
492 | service_update.exe | GET | 200 | 151.139.236.246:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkBUeDDgxkUpdvejVJwN1I | US | der | 1.63 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 104.18.20.226:80 | http://secure.globalsign.com/cacert/gscodesigng3ocsp.crt | US | der | 1.14 Kb | whitelisted |
2516 | Yandex.exe | GET | 200 | 5.45.205.243:80 | http://yandex.ocsp-responder.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBStniMGfahyWUWDEeSLUFbNR9JLAgQUN1zjGeCyjqGoTtLPq9Dc4wtcNU0CEEl1t5jSFZZ1pakW2ipzwrY%3D | RU | der | 1.48 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2516 | Yandex.exe | 5.45.205.243:80 | download.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
2516 | Yandex.exe | 5.45.222.25:443 | cache-mskmar01.cdn.yandex.net | YANDEX LLC | RU | unknown |
2516 | Yandex.exe | 5.45.220.16:443 | cache-mskm906.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
2516 | Yandex.exe | 5.45.222.34:443 | cache-mskmar10.cdn.yandex.net | YANDEX LLC | RU | unknown |
2516 | Yandex.exe | 5.45.205.241:443 | download.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
2516 | Yandex.exe | 5.45.222.32:443 | cache-mskmar08.cdn.yandex.net | YANDEX LLC | RU | unknown |
2516 | Yandex.exe | 151.139.236.246:80 | subca.ocsp-certum.com | netDNA | US | unknown |
2516 | Yandex.exe | 37.9.96.15:443 | cache-mskstoredata04.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
2516 | Yandex.exe | 5.45.222.27:443 | cache-mskmar03.cdn.yandex.net | YANDEX LLC | RU | whitelisted |
2516 | Yandex.exe | 5.45.222.89:443 | cache-mskmar14.cdn.yandex.net | YANDEX LLC | RU | unknown |
Domain | IP | Reputation |
---|---|---|
api.browser.yandex.ru | | whitelisted |
download.cdn.yandex.net | | whitelisted |
api.browser.yandex.net | | whitelisted |
subca.ocsp-certum.com | | whitelisted |
yandex.ocsp-responder.com | | whitelisted |
cache-mskstoredata04.cdn.yandex.net | | whitelisted |
cache-mskmar01.cdn.yandex.net | | unknown |
cache-mskmar14.cdn.yandex.net | | whitelisted |
cache-mskmar08.cdn.yandex.net | | unknown |
cache-mskmar03.cdn.yandex.net | | whitelisted |
Process | Message |
---|---|
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |
clidmgr.exe | GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin |
clidmgr.exe | GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000 |
clidmgr.exe | GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1 |
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |
clidmgr.exe | GetSidFromEnumSess(): ProfileImagePath(1) = C:\Users\admin |
clidmgr.exe | GetSidFromEnumSess(): LsaEnumerateLogonSessions() lpszSid = S-1-5-21-1302019708-1500728564-335382590-1000 |
clidmgr.exe | GetLoggedCreds_WTSSessionInfo(): szUserName = admin, szDomain = USER-PC, dwSessionId = 1 |
clidmgr.exe | GetSidFromEnumSess(): i = 0 : szUserName = Administrator, szDomain = USER-PC, dwSessionId = 0 |