File name: Yandex (2).exe

Full analysis: https://app.any.run/tasks/a4a26896-8c4a-4630-8d62-7d739a0b31fe
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 19, 2025, 14:44:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 907FB8A3E08135F3528C7D4EFC4FABC1
SHA1: 4153C1374F20330A340612338AD8356B27A65D69
SHA256: 26859064E9D741D556DF7C10884D2F925B0D0083BA6D1619B8956A3F8387B0D5
SSDEEP: 98304:U2uwKSXJeleQdPSmEjDpZknex5LlgjvDSsqWBLVwzfREF6aKs4nIMYoOXAlmHxah:buEtRx9w14mwAS/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • csrss.exe (PID: 5824)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 4988)
      • csrss.exe (PID: 532)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 5892)
      • service_update.exe (PID: 1628)
      • service_update.exe (PID: 6712)
      • browser.exe (PID: 6436)
      • explorer.exe (PID: 7416)
      • clidmgr.exe (PID: 7876)
      • clidmgr.exe (PID: 7972)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 1348)
      • browser.exe (PID: 5384)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 5020)
      • browser.exe (PID: 5352)
      • browser.exe (PID: 2084)
      • browser.exe (PID: 4692)
      • browser.exe (PID: 5552)
      • browser.exe (PID: 7656)
      • browser.exe (PID: 7312)
      • browser.exe (PID: 5680)
      • browser.exe (PID: 4920)
      • browser.exe (PID: 7416)
      • browser.exe (PID: 7828)
      • browser.exe (PID: 7840)
      • browser.exe (PID: 4452)
    • Steals credentials from Web Browsers

      • browser.exe (PID: 6940)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ybBBEF.tmp (PID: 6640)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • Yandex.exe (PID: 7820)
      • browser.exe (PID: 7472)
    • Reads security settings of Internet Explorer

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • browser.exe (PID: 3896)
    • Application launched itself

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 2236)
      • browser.exe (PID: 3896)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 1280)
      • browser.exe (PID: 7916)
    • Reads the date of Windows installation

      • setup.exe (PID: 7388)
      • service_update.exe (PID: 1812)
      • explorer.exe (PID: 7416)
    • Adds/modifies Windows certificates

      • setup.exe (PID: 5376)
    • Starts itself from another location

      • service_update.exe (PID: 1812)
      • setup.exe (PID: 5376)
      • Yandex.exe (PID: 7820)
    • Executes as Windows Service

      • service_update.exe (PID: 2236)
    • Searches for installed software

      • setup.exe (PID: 5376)
    • The process executes via Task Scheduler

      • service_update.exe (PID: 1628)
      • browser.exe (PID: 3896)
      • service_update.exe (PID: 6712)
    • Creates a software uninstall entry

      • setup.exe (PID: 5376)
      • Yandex.exe (PID: 7820)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5376)
      • Yandex.exe (PID: 7820)
    • Starts application with an unusual extension

      • Yandex (2).exe (PID: 8112)
    • The process checks if it is being run in the virtual environment

      • browser.exe (PID: 3896)
    • Reads Mozilla Firefox installation path

      • browser.exe (PID: 6940)
  • INFO

    • The sample compiled with english language support

      • Yandex (2).exe (PID: 7448)
      • ybBBEF.tmp (PID: 6640)
      • service_update.exe (PID: 1812)
      • setup.exe (PID: 5376)
      • browser.exe (PID: 7472)
    • Checks supported languages

      • Yandex (2).exe (PID: 7448)
      • Yandex (2).exe (PID: 8112)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • setup.exe (PID: 6964)
      • service_update.exe (PID: 1812)
      • service_update.exe (PID: 4988)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 5892)
      • service_update.exe (PID: 1628)
      • browser.exe (PID: 3896)
      • service_update.exe (PID: 6712)
      • explorer.exe (PID: 7416)
      • ybBBEF.tmp (PID: 6640)
      • browser.exe (PID: 6436)
      • explorer.exe (PID: 7400)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • clidmgr.exe (PID: 7876)
      • clidmgr.exe (PID: 7972)
      • browser.exe (PID: 5384)
      • browser.exe (PID: 1348)
      • browser.exe (PID: 5352)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 5020)
      • browser.exe (PID: 5552)
      • browser.exe (PID: 4692)
      • browser.exe (PID: 5680)
      • browser.exe (PID: 7656)
      • browser.exe (PID: 7312)
      • browser.exe (PID: 4452)
      • browser.exe (PID: 7416)
      • browser.exe (PID: 7828)
      • browser.exe (PID: 7840)
    • Creates files or folders in the user directory

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 6964)
      • setup.exe (PID: 5376)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • clidmgr.exe (PID: 7876)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 5020)
    • Checks proxy server information

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 3896)
    • Reads the machine GUID from the registry

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
    • Reads the computer name

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • service_update.exe (PID: 1812)
      • service_update.exe (PID: 4988)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 1628)
      • browser.exe (PID: 3896)
      • explorer.exe (PID: 7416)
      • ybBBEF.tmp (PID: 6640)
      • service_update.exe (PID: 6712)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • clidmgr.exe (PID: 7876)
      • clidmgr.exe (PID: 7972)
      • browser.exe (PID: 1348)
      • browser.exe (PID: 7312)
      • browser.exe (PID: 5552)
      • browser.exe (PID: 4692)
      • browser.exe (PID: 4920)
    • Yandex updater related mutex has been found

      • Yandex (2).exe (PID: 7448)
      • service_update.exe (PID: 1812)
      • service_update.exe (PID: 4988)
      • service_update.exe (PID: 4452)
      • service_update.exe (PID: 6744)
      • service_update.exe (PID: 2236)
      • service_update.exe (PID: 1628)
      • service_update.exe (PID: 6712)
      • Yandex (2).exe (PID: 8112)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
    • Process checks computer location settings

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • service_update.exe (PID: 1812)
      • explorer.exe (PID: 7416)
      • Yandex.exe (PID: 7820)
      • explorer.exe (PID: 6668)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 5680)
      • browser.exe (PID: 7416)
      • browser.exe (PID: 4452)
    • Create files in a temporary directory

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 7388)
      • setup.exe (PID: 5376)
      • ybBBEF.tmp (PID: 6640)
      • Yandex.exe (PID: 7820)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
      • browser.exe (PID: 4920)
    • Reads the software policy settings

      • Yandex (2).exe (PID: 7448)
      • setup.exe (PID: 5376)
      • slui.exe (PID: 7604)
      • explorer.exe (PID: 7416)
      • browser.exe (PID: 3896)
      • browser.exe (PID: 6940)
    • The sample compiled with russian language support

      • setup.exe (PID: 5376)
    • Creates files in the program directory

      • service_update.exe (PID: 1812)
    • Local mutex for internet shortcut management

      • Yandex.exe (PID: 7820)
    • Manual execution by a user

      • browser.exe (PID: 6940)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:07 09:25:02+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1120256
InitializedDataSize: 10041856
UninitializedDataSize: -
EntryPoint: 0xe11e0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 24.4.5.498
ProductVersionNumber: 24.4.5.498
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: YANDEX LLC
FileDescription: Yandex
FileVersion: 24.4.5.498
InternalName: lite_installer
LegalCopyright: Copyright (c) 2012-2024 YANDEX LLC. All Rights Reserved.
ProductName: Yandex
ProductVersion: 24.4.5.498
ProductChromiumVersion: 122.0.6261.139
ProductYandexVersion: 24.4.5.498
CompanyShortName: YANDEX LLC
ProductShortName: Yandex Installer
LastChange: 97d73141ccdf8a85f2191b0673c7c1265f763bd1
OfficialBuild: 1
No data.
All screenshots are available in the full report
Total processes: 206
Monitored processes: 78
Malicious processes: 37
Suspicious processes: 1


Process information

PID: 532
CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path: C:\Windows\System32\csrss.exe
Parent process: -
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Client Server Runtime Process
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 728
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=qr_code.mojom.QRCodeService --lang=ru --service-sandbox-type=service --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="QR code service" --mojo-platform-channel-handle=7044 --field-trial-handle=2328,i,14933084326787513399,7888875199329851602,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll

PID: 900
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="Network Service" --mojo-platform-channel-handle=2432 --field-trial-handle=2304,i,3326984154402821909,9809805261089981451,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:3
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: MEDIUM
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll

PID: 1240
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2300 --field-trial-handle=2304,i,3326984154402821909,9809805261089981451,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll

PID: 1280
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={0A3BE58C-8A92-40D1-981C-D9FC737C44B7}
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: svchost.exe
User: admin
Company: YANDEX LLC
Integrity Level: MEDIUM
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll

PID: 1300
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6080 --field-trial-handle=2328,i,14933084326787513399,7888875199329851602,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll

PID: 1348
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --noerrdialogs --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --mojo-platform-channel-handle=2260 --field-trial-handle=2280,i,6762599852402778159,944696968657314673,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: LOW
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll

PID: 1628
CMD: "C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.498\service_update.exe" --repair
Path: C:\Program Files (x86)\Yandex\YandexBrowser\24.4.5.498\service_update.exe
Parent process: svchost.exe
User: SYSTEM
Company: YANDEX LLC
Integrity Level: SYSTEM
Description: Yandex
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\program files (x86)\yandex\yandexbrowser\24.4.5.498\service_update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 1812
CMD: "C:\WINDOWS\TEMP\sdwra_5376_787624654\service_update.exe" --setup
Path: C:\Windows\Temp\sdwra_5376_787624654\service_update.exe
Parent process: setup.exe
User: admin
Company: YANDEX LLC
Integrity Level: HIGH
Description: Yandex
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\windows\temp\sdwra_5376_787624654\service_update.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

PID: 2040
CMD: "C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=10AA1B82-7359-4E87-BB00-5D2E23B3A077 --brand-id=yandex --partner-id=switch-brand --no-appcompat-clear --process-name="Утилиты Windows" --mojo-platform-channel-handle=6684 --field-trial-handle=2328,i,14933084326787513399,7888875199329851602,262144 --enable-features=InstallerNewIdentity2024 --disable-features=WebGalleryRotation --variations-seed-version --brver=24.4.5.498 /prefetch:8
Path: C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: YANDEX LLC
Integrity Level: MEDIUM
Description: Yandex with voice assistant Alice
Exit code: 0
Version: 24.4.5.498
Modules (images):
c:\users\admin\appdata\local\yandex\yandexbrowser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\yandex\yandexbrowser\application\24.4.5.498\browser_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
Total events: 30 164
Read events: 29 593
Write events: 478
Delete events: 93

Modification events

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\AppDataLow\Yandex
Operation: write
Name: UICreated_admin
Value: 1

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: DistribInfoParams
Value: win10pin=1&vup=1&browser=GoogleChrome/64/125.0.6422.142&banerid=0600005800:13898474004054540287:SW-9eb323c64c24&yandexuid=6709597041718183164&mongoID=666a99a11be862790e470ff0&switchID=SW-9eb323c64c24&yclid=13898474004054540287&pps=installID%3D6709597041718183164_1718262177679%26mongoID%3D666a99a11be862790e470ff0%26switchID%3DSW-9eb323c64c24%26utm_campaign%3Dsearch_brand_chrome%257C86135343%26utm_medium%3Dsearch%26utm_source%3Dyandex%26utm_term%3D---autotargeting%26yclid%3D13898474004054540287&download_date=1718262177

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: delete value
Name: brand
Value: (empty)

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: delete value
Name: BrandFile
Value: (empty)

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: delete value
Name: PartnerFile
Value: (empty)

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: lang
Value: ru

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: InstallerData
Value: C:\Users\admin\AppData\Local\Temp\master_preferences

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: ClidsFile
Value: C:\Users\admin\AppData\Local\Temp\clids.xml

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: YandexWebsiteIconFile
Value: C:\Users\admin\AppData\Local\Temp\website.ico

PID / Process: 7448 Yandex (2).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Yandex\YandexBrowser
Operation: write
Name: AbtConfigResourceFile
Value: C:\Users\admin\AppData\Local\Temp\abt_config_resource
Executable files: 26
Suspicious files: 503
Text files: 168
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\website.ico | -
  MD5: - | SHA256: -
7448 | Yandex (2).exe | C:\Users\admin\AppData\Roaming\Yandex\ui | text
  MD5: 8052959C11392F603ABC4C72B4309F5F | SHA256: 5850F48110F71510DF1BAEF57E9FF4CE39AD2FCC16CC83A1A8EE62D2678E1F1F
7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\distrib_info | binary
  MD5: A9497F9ADC1CE63B9CA3E41F961EF67E | SHA256: 0FC77713B6CA9EF6B1641F0517FE480E41A2D2116BB0493EA7085F9740CEE94D
7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\lite_installer.log | text
  MD5: 9F5FD85494D67765A5250FAC3F03A0FD | SHA256: 60D9B20DEA3E3E9C0F6F25051A5DDD1386B45681244CC275BADD2A128A1F26EA
7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\BrandFile | compressed
  MD5: 7451835A987AEC37591C3E538949B6E2 | SHA256: 75C50CF0145B0E5976B963251D3ABC79A01D92D340BAE79A1D73279760626AE6
7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\PartnerFile | compressed
  MD5: 86685B8F802A59049E0CF378706BDF4E | SHA256: DE480E310E790AA6B2587B05D034214CFA65493CE7ECFDE08D0EC7A7FE3F039D
7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B | binary
  MD5: E4306BB0A430E6963E767D5473F4A7D5 | SHA256: CD9805C0C50689200CF811519F2840F54737355CEEF806850D5C948B84221C2F
7448 | Yandex (2).exe | C:\Users\admin\AppData\Local\Temp\abt_config_resource | binary
  MD5: 59EB0E62D6DE9DCCF6B5CB7CEA646852 | SHA256: DBA16CB3A4A82464614E4F14729861D43D7BD3A12BD87631A829DE84FC6242E6
7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DAD5545724AA2C98C55095F428499FB | binary
  MD5: CDC85232AD12F65F0005DE80610CD8C3 | SHA256: 5411AD9A2B1EA701731504430C32C90D791AC340A7F541EAFAD21953397AB180
7448 | Yandex (2).exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3 | binary
  MD5: B5F4604AD334071DFE92C830D5D7FB25 | SHA256: 947EB4FB25570F5EFDC5CC8BC79B29DE49E9767DA7AD66F66BF4B57CFF255E96
HTTP(S) requests: 21
TCP/UDP connections: 145
DNS requests: 119
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.38:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D | unknown | - | - | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.194.133:80 | http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.194.133:80 | http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDDPIyTHC%2B47uh3PW%2Bg%3D%3D | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDGuJTVriWIb8u1GmfA%3D%3D | unknown | - | - | whitelisted
7448 | Yandex (2).exe | GET | 200 | 151.101.2.133:80 | http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDCRMNlD21WNszWdjHQ%3D%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.216.77.38:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
7448 | Yandex (2).exe | 5.45.205.241:443 | download.cdn.yandex.net | YANDEX LLC | RU | whitelisted
7448 | Yandex (2).exe | 213.180.193.234:443 | api.browser.yandex.net | YANDEX LLC | RU | whitelisted
7448 | Yandex (2).exe | 151.101.2.133:80 | ocsp.globalsign.com | FASTLY | US | whitelisted
7448 | Yandex (2).exe | 151.101.194.133:80 | ocsp.globalsign.com | FASTLY | US | whitelisted
7448 | Yandex (2).exe | 5.45.247.13:443 | cachev2-ams17.cdn.yandex.net | YANDEX LLC | RU | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 51.124.78.146 | whitelisted
crl.microsoft.com | 23.216.77.38, 23.216.77.19, 23.216.77.35, 23.216.77.20, 23.216.77.30, 23.216.77.36, 23.216.77.18, 23.216.77.25, 23.216.77.41 | whitelisted
google.com | 172.217.18.14 | whitelisted
www.microsoft.com | 23.35.229.160, 2.23.246.101 | whitelisted
download.cdn.yandex.net | 5.45.205.241, 5.45.205.245, 5.45.205.242, 5.45.205.244, 5.45.205.243 | whitelisted
api.browser.yandex.net | 213.180.193.234 | whitelisted
api.browser.yandex.ru | 213.180.193.234 | whitelisted
ocsp.globalsign.com | 151.101.2.133, 151.101.194.133, 151.101.130.133, 151.101.66.133 | whitelisted
ocsp2.globalsign.com | 151.101.194.133, 151.101.130.133, 151.101.66.133, 151.101.2.133 | whitelisted
cachev2-ams17.cdn.yandex.net | 5.45.247.13 | whitelisted

Threats

No threats detected
No debug info