File name: Yandex (2).exe

Full analysis: https://app.any.run/tasks/a4a26896-8c4a-4630-8d62-7d739a0b31fe
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 19, 2025, 14:44:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 907FB8A3E08135F3528C7D4EFC4FABC1
SHA1: 4153C1374F20330A340612338AD8356B27A65D69
SHA256: 26859064E9D741D556DF7C10884D2F925B0D0083BA6D1619B8956A3F8387B0D5
SSDEEP: 98304:U2uwKSXJeleQdPSmEjDpZknex5LlgjvDSsqWBLVwzfREF6aKs4nIMYoOXAlmHxah:buEtRx9w14mwAS/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • csrss.exe (PID: 5824)
      • service_update.exe (PID: 4988)
      • csrss.exe (PID: 532)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 5892)
      • service_update.exe (PID: 1628)
      • browser.exe (PID: 6436)
      • service_update.exe (PID: 6712)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 1348)
      • clidmgr.exe (PID: 7876)
      • clidmgr.exe (PID: 7972)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 5384)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 2084)
      • browser.exe (PID: 5352)
      • browser.exe (PID: 5020)
      • browser.exe (PID: 5552)
      • browser.exe (PID: 4692)
      • browser.exe (PID: 7656)
      • browser.exe (PID: 4452)
      • browser.exe (PID: 5680)
      • browser.exe (PID: 4920)
      • browser.exe (PID: 7416)
      • browser.exe (PID: 7828)
      • browser.exe (PID: 7312)
      • browser.exe (PID: 7840)
    • Steals credentials from Web Browsers

      • browser.exe (PID: 6940)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • browser.exe (PID: 3896)
    • Application launched itself

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 2236)
      • browser.exe (PID: 3896)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 7916)
      • browser.exe (PID: 1280)
    • Executable content was dropped or overwritten

      • ybBBEF.tmp (PID: 6640)
      • service_update.exe (PID: 1812)
      • setup.exe (PID: 5376)
      • Yandex.exe (PID: 7820)
      • browser.exe (PID: 7472)
    • Starts application with an unusual extension

      • Yandex (2).exe (PID: 8112)
    • Reads the date of Windows installation

      • setup.exe (PID: 7388)
      • service_update.exe (PID: 1812)
      • explorer.exe (PID: 7416)
    • Adds/modifies Windows certificates

      • setup.exe (PID: 5376)
    • Starts itself from another location

      • service_update.exe (PID: 1812)
      • setup.exe (PID: 5376)
      • Yandex.exe (PID: 7820)
    • Executes as Windows Service

      • service_update.exe (PID: 2236)
    • The process executes via Task Scheduler

      • browser.exe (PID: 3896)
      • service_update.exe (PID: 1628)
      • service_update.exe (PID: 6712)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5376)
      • Yandex.exe (PID: 7820)
    • Creates a software uninstall entry

      • Yandex.exe (PID: 7820)
      • setup.exe (PID: 5376)
    • The process checks if it is being run in the virtual environment

      • browser.exe (PID: 3896)
    • Searches for installed software

      • setup.exe (PID: 5376)
    • Reads Mozilla Firefox installation path

      • browser.exe (PID: 6940)
  • INFO

    • The sample compiled with English language support

      • Yandex (2).exe (PID: 7448)
      • ybBBEF.tmp (PID: 6640)
      • service_update.exe (PID: 1812)
      • setup.exe (PID: 5376)
      • browser.exe (PID: 7472)
    • Reads the computer name

      • Yandex (2).exe (PID: 7448)
      • ybBBEF.tmp (PID: 6640)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 4988)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 1628)
      • browser.exe (PID: 3896)
      • service_update.exe (PID: 6712)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • browser.exe (PID: 1348)
      • clidmgr.exe (PID: 7876)
      • clidmgr.exe (PID: 7972)
      • browser.exe (PID: 5552)
      • browser.exe (PID: 7312)
      • browser.exe (PID: 4692)
      • browser.exe (PID: 4920)
    • Reads the software policy settings

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • slui.exe (PID: 7604)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 3896)
    • Checks supported languages

      • Yandex (2).exe (PID: 7448)
      • Yandex (2).exe (PID: 8112)
      • ybBBEF.tmp (PID: 6640)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • setup.exe (PID: 6964)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 4988)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 5892)
      • service_update.exe (PID: 1628)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6436)
      • service_update.exe (PID: 6712)
      • explorer.exe (PID: 7416)
      • explorer.exe (PID: 7400)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • browser.exe (PID: 5384)
      • browser.exe (PID: 1348)
      • clidmgr.exe (PID: 7876)
      • clidmgr.exe (PID: 7972)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 5352)
      • browser.exe (PID: 5020)
      • browser.exe (PID: 5552)
      • browser.exe (PID: 4692)
      • browser.exe (PID: 7656)
      • browser.exe (PID: 5680)
      • browser.exe (PID: 7312)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 4452)
      • browser.exe (PID: 7416)
      • browser.exe (PID: 7840)
      • browser.exe (PID: 7828)
    • Creates files or folders in the user directory

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6964)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • clidmgr.exe (PID: 7876)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 5020)
    • Yandex updater related mutex has been found

      • Yandex (2).exe (PID: 7448)
      • Yandex (2).exe (PID: 8112)
      • service_update.exe (PID: 1812)
      • service_update.exe (PID: 4988)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 1628)
      • service_update.exe (PID: 6712)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
    • Creates files in a temporary directory

      • Yandex (2).exe (PID: 7448)
      • ybBBEF.tmp (PID: 6640)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 7388)
      • Yandex.exe (PID: 7820)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 4920)
      • browser.exe (PID: 6940)
    • Reads the machine GUID from the registry

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
    • Process checks computer location settings

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • service_update.exe (PID: 1812)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 5680)
      • browser.exe (PID: 4452)
      • browser.exe (PID: 7416)
    • Checks proxy server information

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
    • The sample compiled with Russian language support

      • setup.exe (PID: 5376)
    • Creates files in the program directory

      • service_update.exe (PID: 1812)
    • Local mutex for internet shortcut management

      • Yandex.exe (PID: 7820)
    • Manual execution by a user

      • browser.exe (PID: 6940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:07 09:25:02+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1120256
InitializedDataSize: 10041856
UninitializedDataSize: -
EntryPoint: 0xe11e0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 24.4.5.498
ProductVersionNumber: 24.4.5.498
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: YANDEX LLC
FileDescription: Yandex
FileVersion: 24.4.5.498
InternalName: lite_installer
LegalCopyright: Copyright (c) 2012-2024 YANDEX LLC. All Rights Reserved.
ProductName: Yandex
ProductVersion: 24.4.5.498
ProductChromiumVersion: 122.0.6261.139
ProductYandexVersion: 24.4.5.498
CompanyShortName: YANDEX LLC
ProductShortName: Yandex Installer
LastChange: 97d73141ccdf8a85f2191b0673c7c1265f763bd1
OfficialBuild: 1
All screenshots are available in the full report
Total processes: 206
Monitored processes: 78
Malicious processes: 37
Suspicious processes: 1


Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 532
CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path: C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID: 728
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=qr_code.mojom.QRCodeService --lang=ru --service-sandbox-type=service --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="QR code service" --mojo-platform-channel-handle=7044 --field-trial-handle=2328,i,14933084326787513399,7888875199329851602,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
LOW
Description:
Yandex with voice assistant Alice
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
PID: 900
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=2432 --field-trial-handle=2304,i,3326984154402821909,9809805261089981451,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:3
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
MEDIUM
Description:
Yandex with voice assistant Alice
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID: 1240
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2300 --field-trial-handle=2304,i,3326984154402821909,9809805261089981451,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
LOW
Description:
Yandex with voice assistant Alice
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID: 1280
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={0A3BE58C-8A92-40D1-981C-D9FC737C44B7}
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: svchost.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
MEDIUM
Description:
Yandex with voice assistant Alice
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
PID: 1300
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6080 --field-trial-handle=2328,i,14933084326787513399,7888875199329851602,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
LOW
Description:
Yandex with voice assistant Alice
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
PID: 1348
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --noerrdialogs --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2260 --field-trial-handle=2280,i,6762599852402778159,944696968657314673,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
LOW
Description:
Yandex with voice assistant Alice
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID: 1628
CMD: "C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.498\service_update.exe" --repair
Path: C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.498\service_update.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
YANDEX LLC
Integrity Level:
SYSTEM
Description:
Yandex
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\program files (x86)\yandex\yandexbrowser\24.4.5.498\service_update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1812
CMD: "C:\WINDOWS\TEMP\sdwra_5376_787624654\service_update.exe" --setup
Path: C:\Windows\Temp\sdwra_5376_787624654\service_update.exe
Parent process: setup.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
HIGH
Description:
Yandex
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\windows\temp\sdwra_5376_787624654\service_update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 2040
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="Утилиты Windows" --mojo-platform-channel-handle=6684 --field-trial-handle=2328,i,14933084326787513399,7888875199329851602,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
MEDIUM
Description:
Yandex with voice assistant Alice
Exit code:
0
Version:
24.4.5.498
Modules
Images
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
Total events: 30 164
Read events: 29 593
Write events: 478
Delete events: 93

Modification events

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\AppDataLow\Yandex
Operation: write
Name: UICreated_admin
Value: 1

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: DistribInfoParams
Value: win10pin=1&vup=1&browser=GoogleChrome/64/125.0.6422.142&banerid=0600005800:13898474004054540287:SW-9eb323c64c24&yandexuid=6709597041718183164&mongoID=666a99a11be862790e470ff0&switchID=SW-9eb323c64c24&yclid=13898474004054540287&pps=installID%3D6709597041718183164_1718262177679%26mongoID%3D666a99a11be862790e470ff0%26switchID%3DSW-9eb323c64c24%26utm_campaign%3Dsearch_brand_chrome%257C86135343%26utm_medium%3Dsearch%26utm_source%3Dyandex%26utm_term%3D---autotargeting%26yclid%3D13898474004054540287&download_date=1718262177

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: delete value
Name: brand
Value: -

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: delete value
Name: BrandFile
Value: -

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: delete value
Name: PartnerFile
Value: -

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: lang
Value: ru

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: InstallerData
Value: C:\Users\admin\AppData\Local\Temp\master_preferences

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: ClidsFile
Value: C:\Users\admin\AppData\Local\Temp\clids.xml

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: YandexWebsiteIconFile
Value: C:\Users\admin\AppData\Local\Temp\website.ico

Process: (7448) Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: AbtConfigResourceFile
Value: C:\Users\admin\AppData\Local\Temp\abt_config_resource
Executable files: 26
Suspicious files: 503
Text files: 168
Unknown types: 0

Dropped files

Columns: PID | Process | Filename | Type

7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\website.ico | -
MD5: -
SHA256: -

7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\lite_installer.log | text
MD5: 9F5FD85494D67765A5250FAC3F03A0FD
SHA256: 60D9B20DEA3E3E9C0F6F25051A5DDD1386B45681244CC275BADD2A128A1F26EA

7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\clids.xml | xml
MD5: FBDA4201A15145F68DBF67A70A9799CD
SHA256: 9979322F5F99651CA0719356875876639D2CE208EC2BE0082AD810F0940B5A1D

7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\distrib_info | binary
MD5: A9497F9ADC1CE63B9CA3E41F961EF67E
SHA256: 0FC77713B6CA9EF6B1641F0517FE480E41A2D2116BB0493EA7085F9740CEE94D

7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B | binary
MD5: E4306BB0A430E6963E767D5473F4A7D5
SHA256: CD9805C0C50689200CF811519F2840F54737355CEEF806850D5C948B84221C2F

7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB | binary
MD5: E65CDE3052862CAA8AF571D42F657A3A
SHA256: 760E799F35CEB185AB2FC288FD82768984C98E0386E556539E3E364BC254580D

7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_9AA76ECDFF060D1DC8600F0EC861ABC6 | binary
MD5: 161976AFB404FE26F022EA310D05D233
SHA256: 607BA4C1E6DAAF0CA0FF1508D628AE59D706DC3F6F2634DA9836CD3B5BAECF46

7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046 | binary
MD5: D3342FDFB34161A7607E34E6308BFAB6
SHA256: EF46E0F0D19909E8F03611C1BAD49BCBC87BF3BEFF4AD3DB79F50C52ABAC46A2

7448 | Yandex (2).exe | C:\Users\admin\AppData\Roaming\Yandex\ui | text
MD5: 8052959C11392F603ABC4C72B4309F5F
SHA256: 5850F48110F71510DF1BAEF57E9FF4CE39AD2FCC16CC83A1A8EE62D2678E1F1F

7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B | binary
MD5: 83DE592A376E17131B065F1DD4EF3A0C
SHA256: A567CE4C4CF2BB6FE17B21A7B8FAFEC71808D6ED7BC06BFFBC14AD0D871755E2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 21
TCP/UDP connections: 145
DNS requests: 119
Threats: 0

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Reputation (the Type and Size columns are empty for every row)

7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/ca/gstsacasha384g4/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS2enBWzCNkWKN%2FFhoLZmlPnDczoAQU6hbGaefjy1dFOTOk8EC%2B0MO9ZZYCEAGb6t7ITWuP92w6ny4BJBY%3D | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.38:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.194.133:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.194.133:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDDPIyTHC%2B47uh3PW%2Bg%3D%3D | unknown | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDGuJTVriWIb8u1GmfA%3D%3D | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.216.77.38:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7448 | Yandex (2).exe | 5.45.205.241:443 | download.cdn.yandex.net | YANDEX LLC | RU | whitelisted
7448 | Yandex (2).exe | 213.180.193.234:443 | api.browser.yandex.net | YANDEX LLC | RU | whitelisted
7448 | Yandex (2).exe | 151.101.2.133:80 | ocsp.globalsign.com | FASTLY | US | whitelisted
7448 | Yandex (2).exe | 151.101.194.133:80 | ocsp.globalsign.com | FASTLY | US | whitelisted
7448 | Yandex (2).exe | 5.45.247.13:443 | cachev2-ams17.cdn.yandex.net | YANDEX LLC | RU | whitelisted

DNS requests

Columns: Domain | Resolved IPs | Reputation

settings-win.data.microsoft.com | 51.104.136.2, 51.124.78.146 | whitelisted
crl.microsoft.com | 23.216.77.38, 23.216.77.19, 23.216.77.35, 23.216.77.20, 23.216.77.30, 23.216.77.36, 23.216.77.18, 23.216.77.25, 23.216.77.41 | whitelisted
google.com | 172.217.18.14 | whitelisted
www.microsoft.com | 23.35.229.160, 2.23.246.101 | whitelisted
download.cdn.yandex.net | 5.45.205.241, 5.45.205.245, 5.45.205.242, 5.45.205.244, 5.45.205.243 | whitelisted
api.browser.yandex.net | 213.180.193.234 | whitelisted
api.browser.yandex.ru | 213.180.193.234 | whitelisted
ocsp.globalsign.com | 151.101.2.133, 151.101.194.133, 151.101.130.133, 151.101.66.133 | whitelisted
ocsp2.globalsign.com | 151.101.194.133, 151.101.130.133, 151.101.66.133, 151.101.2.133 | whitelisted
cachev2-ams17.cdn.yandex.net | 5.45.247.13 | whitelisted

Threats

No threats detected
No debug info