Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

28.0.1500.8765 20.00%
25.0.1364.22076 20.00%
25.0.1364.21027 20.00%
25.0.1364.17262 20.00%
25.0.1364.15751 20.00%

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegCreateKeyExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, OpenProcessToken, GetTokenInformation, CreateProcessAsUserW, GetTraceEnableFlags, GetTraceLoggerHandle, TraceEvent, UnregisterTraceGuids, GetTraceEnableLevel, RegisterTraceGuidsW, RegDisablePredefinedCache, RevertToSelf, SetTokenInformation, GetLengthSid, ConvertStringSidToSidW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetEntriesInAclW, GetSecurityInfo, CreateWellKnownSid, CopySid, LookupPrivilegeValueW, EqualSid, DuplicateToken, DuplicateTokenEx, CreateRestrictedToken, SetThreadToken
kernel32.dll
DllMain
shlwapi.dll
PathRemoveFileSpecW, PathFileExistsW
user32.dll
CreateDesktopW, SetProcessWindowStation, GetThreadDesktop, GetUserObjectInformationW, GetProcessWindowStation, CharUpperW, CreateWindowStationW, CloseDesktop, CloseWindowStation, MessageBoxW
userenv.dll
GetProfileType
version.dll
VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
winmm.dll
timeGetTime
Export table
CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExperimentList3
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo
SetUserId

browser.exe

Yandex by YANDEX LLC (Signed)

Remove browser.exe
Version:   28.0.1500.8765
MD5:   b3d60e14ac5ce46eb28e27cf3bc903f1
SHA1:   e0115bc5ee6aedc5698f210f222f68110f9b6b26

Overview

browser.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It adds run once key to the current user's profile so that the file will execute the next time the user logs into Windows (it will delete the entry after it runs once). The file is digitally signed by YANDEX LLC which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:browser.exe
Publisher:YANDEX LLC
Product name:Yandex
Typical file path:C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe
File version:28.0.1500.8765
Size:875.8 KB (896,816 bytes)
Build date:10/23/2013 6:11 PM
Certificate
Issued to:YANDEX LLC
Authority (CA):VeriSign
Digital DNA
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • ftp
  • mailto
  • https
Startup files (user) run once
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Application Restart #0' → C:\users\user\appdata\Local\Yandex\YandexBrowser\Application\browser.exe --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --disable-ssl-false-start --disable-client-s
Network connections
  • [TCP] host04.rax.ru (88.212.196.104:80)

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.03306540%
    0.028634%
    Kernel CPU:0.00806613%
    0.013761%
    User CPU:0.02499927%
    0.014873%
    Kernel CPU time:23,464,609 ms/min
    100,923,805ms/min
    Memory
    Private memory:176.51 MB
    21.59 MB
    Private (maximum):172.21 MB
    Private (minimum):47.12 MB
    Non-paged memory:176.51 MB
    21.59 MB
    Virtual memory:389.14 MB
    140.96 MB
    Virtual memory (peak):408.64 MB
    169.69 MB
    Working set:174.36 MB
    18.61 MB
    Working set (peak):196.31 MB
    37.95 MB
    Resource allocations
    Threads:16
    12
    Handles:399
    600
    GUI GDI count:166
    103
    GUI GDI peak:183
    142
    GUI USER count:34
    49
    GUI USER peak:42
    71

    BehaviorsProcess properties

    Integrety level:Untrusted
    Platform:64-bit
    Command lines:
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe" --type=renderer --lang=ru --force-fieldtrials=prerenderloggedinpredictor/enabled/trialinfobarpanel/disabled/ml/1/ --user-id=69e34539-3024-4f30-9044-069a0fdf2ca9 --disable-client-side-phishing-detection --renderer-print-preview --brand-id=yandex --help-url=httC://help.yandex.ru/yabrowser/ --user-agent-info --disable-html-notifications --channel="4752.14.1766680365\1896423426" /prefetcC:673131151
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe" --type=renderer --lang=ru --force-fieldtrials=prerenderloggedinpredictor/enabled/trialinfobarpanel/disabled/ml/1/ --user-id=69e34539-3024-4f30-9044-069a0fdf2ca9 --disable-client-side-phishing-detection --renderer-print-preview --brand-id=yandex --help-url=httC://help.yandex.ru/yabrowser/ --user-agent-info --disable-html-notifications --channel="4752.13.1908565107\661785112" /prefetcC:673131151
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe" --type=plugin --plugin-path="C:\users\user\appdata\local\yandex\yandexbrowser\application\28.0.1500.8765\plugins\npswf32_11_8_800_168.dll" --lang=ru --channel="4752.4.1018275300\1561347834" --user-id=69e34539-3024-4f30-9044-069a0fdf2ca9 /prefetcC:-390060480
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe" --type=renderer --lang=ru --force-fieldtrials=prerenderloggedinpredictor/enabled/trialinfobarpanel/disabled/ --user-id=69e34539-3024-4f30-9044-069a0fdf2ca9 --extension-process --disable-client-side-phishing-detection --renderer-print-preview --brand-id=yandex --help-url=httC://help.yandex.ru/yabrowser/ --user-agent-info --disable-html-notifications --channel="4752.2.622663525\1763298971" /prefetcC:673131151
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe"
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe" --type=renderer --lang=ru --force-fieldtrials=prerenderloggedinpredictor/enabled/trialinfobarpanel/disabled/ml/1/ --user-id=69e34539-3024-4f30-9044-069a0fdf2ca9 --disable-client-side-phishing-detection --renderer-print-preview --brand-id=yandex --help-url=httC://help.yandex.ru/yabrowser/ --user-agent-info --disable-html-notifications --channel="4752.3.1134462507\964528900" /prefetcC:673131151
    • "C:\users\user\appdata\local\yandex\yandexbrowser\application\browser.exe" --type=renderer --lang=ru --force-fieldtrials=prerenderloggedinpredictor/enabled/trialinfobarpanel/disabled/ --user-id=69e34539-3024-4f30-9044-069a0fdf2ca9 --extension-process --disable-client-side-phishing-detection --renderer-print-preview --brand-id=yandex --help-url=httC://help.yandex.ru/yabrowser/ --user-agent-info --disable-html-notifications --channel="4752.1.211710102\760444365" /prefetcC:673131151
    • (8 more)
    Owner:User
    Parent processes:

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Ultimate 60.00%
    Windows 7 Professional 20.00%
    Microsoft Windows XP 20.00%

    Distribution by countryDistribution by country

    Turkey installs about 40.00% of Yandex.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Acer 100.00%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE