General Info

File name

search (1).exe

Full analysis
https://app.any.run/tasks/8cc659e6-868b-418b-ad6a-092cbb2c3817
Verdict
Malicious activity
Analysis date
11/8/2019, 13:53:39
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

480506d758753f627d536de351b330ef

SHA1

13c2e5713da385e91a34c8b273a1a33031f60fc9

SHA256

595cc8311c33df790708ede5439ce7cab20def6e3d9501fa2abc8e414caf3d6a

SSDEEP

98304:ckihnLMQxni9OdWW/6S4L7jp6aMB+sY1TfezXstwLzt5HH:I7i9e/KxMB+sY1TkXs6H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • regsvr32.exe (PID: 3848)
  • search (1).exe (PID: 1216)
  • search (1).exe (PID: 884)
Disables Windows Defender
  • search (1).exe (PID: 884)
  • search (1).exe (PID: 1216)
Registers / Runs the DLL via REGSVR32.EXE
  • search (1).exe (PID: 884)
Changes Windows auto-update feature
  • search (1).exe (PID: 884)
  • search (1).exe (PID: 1216)
Connects to CnC server
  • search (1).exe (PID: 884)
Application launched itself
  • search (1).exe (PID: 884)
  • search (1).exe (PID: 2084)
Creates COM task schedule object
  • regsvr32.exe (PID: 3848)
Reads internet explorer settings
  • search (1).exe (PID: 884)
Executable content was dropped or overwritten
  • search (1).exe (PID: 884)
  • regsvr32.exe (PID: 3848)
Executes scripts
  • search (1).exe (PID: 1216)
Changes the started page of IE
  • search (1).exe (PID: 884)
Uses REG.EXE to modify Windows registry
  • search (1).exe (PID: 884)
Creates files in the Windows directory
  • search (1).exe (PID: 884)
Creates files in the program directory
  • search (1).exe (PID: 884)
Creates files in the user directory
  • cscript.exe (PID: 3304)
  • search (1).exe (PID: 884)
Dropped object may contain Bitcoin addresses
  • search (1).exe (PID: 884)

Static information

TRiD
.exe | Win64 Executable (generic) (64.6%)
.dll | Win32 Dynamic Link Library (generic) (15.4%)
.exe | Win32 Executable (generic) (10.5%)
.exe | Generic Win/DOS Executable (4.6%)
.exe | DOS Executable Generic (4.6%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2015:11:18 16:44:01+01:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
3259904
InitializedDataSize:
1342464
UninitializedDataSize:
null
EntryPoint:
0x2628cf
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
2.22.1.129
ProductVersionNumber:
2.22.1.129
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Russian
CharacterSet:
Windows, Cyrillic
FileDescription:
MailRuSputnik
FileVersion:
2.22.1.129
InternalName:
MailRuSputnik
LegalCopyright:
Copyright c 2005 - 2015
OriginalFileName:
MailRuSputnik.exe
ProductName:
MailRuSputnik
ProductVersion:
2.22.1.129
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
18-Nov-2015 15:44:01
Detected languages
English - United States
Russian - Russia
TLS Callbacks:
1 callback(s) detected.
Debug artifacts
C:\Build\desktop_apps\_out\MailRuSputnik.pdb
FileDescription:
MailRuSputnik
FileVersion:
2.22.1.129
InternalName:
MailRuSputnik
LegalCopyright:
Copyright c 2005 - 2015
OriginalFilename:
MailRuSputnik.exe
ProductName:
MailRuSputnik
ProductVersion:
2.22.1.129
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000110
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
6
Time date stamp:
18-Nov-2015 15:44:01
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0031BD9B | 0x0031BE00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.56648
.rdata | 0x0031D000 | 0x00098922 | 0x00098A00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.85299
.data | 0x003B6000 | 0x0002120C | 0x00018C00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.96801
.tls | 0x003D8000 | 0x00000002 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
.rsrc | 0x003D9000 | 0x00064D18 | 0x00064E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.75871
.reloc | 0x0043E000 | 0x00028D28 | 0x00028E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ | 6.60472
Resources
1

2

3

4

5

6

7

129

130

201

214

215

222

IDR_GOMAILRUICO

IDR_MAILRUICO

Imports
    KERNEL32.dll

    USER32.dll

    ADVAPI32.dll

    ole32.dll

    SHELL32.dll

    OLEAUT32.dll

    SHLWAPI.dll

    COMCTL32.dll

    GDI32.dll

    WS2_32.dll

    PSAPI.DLL

    USERENV.dll

    urlmon.dll

    WTSAPI32.dll

    CRYPT32.dll

    d3d9.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
47
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

[Behavior graph. Nodes: search (1).exe, search (1).exe, search (1).exe, cscript.exe, regsvr32.exe, reg.exe]

Process information

PID
2084
CMD
"C:\Users\admin\AppData\Local\Temp\search (1).exe"
Path
C:\Users\admin\AppData\Local\Temp\search (1).exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
MailRuSputnik
Version
2.22.1.129
Modules
Image
c:\users\admin\appdata\local\temp\search (1).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\version.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll

PID
884
CMD
"C:\Users\admin\AppData\Local\Temp\search (1).exe" -call_for_elev
Path
C:\Users\admin\AppData\Local\Temp\search (1).exe
Indicators
Parent process
search (1).exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
MailRuSputnik
Version
2.22.1.129
Modules
Image
c:\users\admin\appdata\local\temp\search (1).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\version.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\uxtheme.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\fwpuclnt.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\gpedit.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\dsuiext.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\dssec.dll
c:\windows\system32\authz.dll
c:\windows\system32\dfscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\slc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\regsvr32.exe
c:\users\admin\appdata\local\mail.ru\sputnik\ie_addon_dll.dll

PID
1216
CMD
"C:\Users\admin\AppData\Local\Temp\search (1).exe" /silent /kinder -call_for_elev/path="C:\Program Files\Mail.Ru\Sputnik" /nosputnikff /nochromeext /nopintab
Path
C:\Users\admin\AppData\Local\Temp\search (1).exe
Indicators
Parent process
search (1).exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
MailRuSputnik
Version
2.22.1.129
Modules
Image
c:\users\admin\appdata\local\temp\search (1).exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\version.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\iexplore.exe
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cscript.exe
c:\program files\mozilla firefox\firefox.exe
c:\users\admin\appdata\local\mail.ru\sputnik\ie_addon_dll.dll
c:\windows\system32\gpedit.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\dsuiext.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\dssec.dll
c:\windows\system32\authz.dll
c:\windows\system32\dfscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\framedynos.dll

PID
3304
CMD
"C:\Windows\System32\cscript.exe" //B //Nologo "C:\Users\admin\AppData\Local\Temp\shortcut.js"
Path
C:\Windows\System32\cscript.exe
Indicators
No indicators
Parent process
search (1).exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Console Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\cscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\jscript.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\userenv.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\netutils.dll

PID
3848
CMD
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\admin\AppData\Local\Mail.Ru/Sputnik\ie_addon_dll.dll"
Path
C:\Windows\System32\regsvr32.exe
Indicators
Parent process
search (1).exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3000
CMD
"C:\Windows\System32\reg.exe" import C:\Users\admin\AppData\Local\Temp\ie.reg
Path
C:\Windows\System32\reg.exe
Indicators
No indicators
Parent process
search (1).exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Registry Console Tool
Version
6.1.7600.16385 (win7_rtm.090713-1255)

Registry activity

Total events
2003
Read events
1360
Write events
433
Delete events
210

Modification events

PID
Process
Operation
Key
Name
Value
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}User
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows Defender
884
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
search (1).exe
884
search (1).exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Settings
GUID
{D7A76D48-7FDF-42A7-9EEC-529D82C170E8}
884
search (1).exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar
DefBrowser
ie
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech
UserID
{37291874-0C3D-4CBF-B508-BCD5860D91AB}
884
search (1).exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2DDBF7D-844C-40FD-9EB0-96B2A5E8BD8E}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{212F1120-F0E5-4F19-981B-AC091E262424}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3D544269-1FC3-44D7-8835-768CBB15B8AC}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
DisplayName
Поиск@Mail.Ru
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
URL
http://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B51ED9080-A041-4D0A-8275-8A98E8DF8425%7D&gp=
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
FaviconURLFallback
http://go.mail.ru/favicon.ico
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
ShowSearchSuggestions
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
SuggestionsURL
http://suggests.go.mail.ru/ie8?q={SearchTerms}
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ieext\{8E8F97CD-60B5-456F-A201-73065652D099}
product_id
{5D9E6E17-260E-4553-B37A-FF772A972D11}
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ieext\{8E8F97CD-60B5-456F-A201-73065652D099}
rfr
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ieext\{8E8F97CD-60B5-456F-A201-73065652D099}
product_type
ie_xtndse
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ieext\{8E8F97CD-60B5-456F-A201-73065652D099}
install_id
{D7A76D48-7FDF-42A7-9EEC-529D82C170E8}
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FACE0DCF-F103-4199-937D-2EFEEFC4C2C5}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://mail.ru/cnt/10445?gp=
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{EE2DBFB4-7693-4CC7-BD9B-5A2BCA91C36C}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D10869EF-148B-4AD7-84A6-08D8E9232036}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CFCAC7E4-DB16-448E-AD44-DBFF6B5A24B3}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jedelkhanefmcnpappfhachbpnlhomai
update_url
https://clients2.google.com/service/update2/crx
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2C49057B-1EC7-46E4-BB17-31BDC0CFA60B}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gdknicmnhbaajdglbinpahhapghpakch
update_url
https://clients2.google.com/service/update2/crx
884
search (1).exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pganlglbhgfjfgopijbhemcpbehjnpia
update_url
https://clients2.google.com/service/update2/crx
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F4A59059-DD1E-468F-8DA6-CA0F7CA86485}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ptls\{A12C4AB1-F4D0-4771-8C21-613E9D12491F}\ch
sp
LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiisCkaKPctOojJaMdlJAwMnY97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA==
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ptls\{11A1974E-9BEF-4B50-8E2F-9F25FC775BD1}\ff
sp
LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjiisCkaKPctOojJaMdlJAwMko97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA==
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
884
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FCFF1A02-31AB-410A-B3C0-CCE3BC3AE02A}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
2084
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
search (1).exe
2084
search (1).exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Settings
GUID
{B871778E-62D7-4249-8EAA-E78D160CCD1B}
2084
search (1).exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar
DefBrowser
ie
2084
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2084
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
search (1).exe
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Settings
GUID
{9C901476-BFB2-4FC6-9A5D-9C3936CDE8A2}
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar
DefBrowser
ie
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
1216
search (1).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}User
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows Defender
1216
search (1).exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D2050216-4FE2-4109-B402-78F917359852}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3304
cscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
3304
cscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
3304
cscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
3304
cscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@sendmail.dll,-4
Mail recipient
3304
cscript.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
3304
cscript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Favorites
3304
cscript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesChanges
10
3304
cscript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesVersion
2
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
MRSearchPlugin
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
NoExplorer
1
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
AppName
mrkeeper.exe
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
AppPath
C:\Users\admin\AppData\Local\Mail.Ru
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Policy
3
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32
ThreadingModel
Apartment
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\Version
1.0
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\ProgID
IESearchPlugin.MailRuBHO.1
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\Name
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO\CLSID
{8E8F97CD-60B5-456F-A201-73065652D099}
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO\CurVer
IESearchPlugin.MailRuBHO.1
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1
3848
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1\CLSID
{8E8F97CD-60B5-456F-A201-73065652D099}
3848
regsvr32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions
{8E8F97CD-60B5-456F-A201-73065652D099}
51667A6C4C1D3B1BDD88949382330308BA03384654109082
3000
reg.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences

Files activity

Executable files
3
Suspicious files
8
Text files
49
Unknown types
5

Dropped files

PID
Process
Filename
Type
3848
regsvr32.exe
C:\Users\admin\AppData\Local\Mail.Ru\mrkeeper.exe
executable
MD5: 2dfcf04fc94b9f268991b6344149bf7b
SHA256: b75db4bc584670986c305e1ff8df339bae96c1148c63defd2202ebe487604651
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\6ec6-8ae3-52f3-2f5a\ie_addon_dll.dll
executable
MD5: 8c1c71d39137c7a7b2b9bdfe6eefe73c
SHA256: 1d297d91948c568edf3214eff94460c7dcf5c32a96bbee1f5adf47c3754ced63
884
search (1).exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
executable
MD5: 8c1c71d39137c7a7b2b9bdfe6eefe73c
SHA256: 1d297d91948c568edf3214eff94460c7dcf5c32a96bbee1f5adf47c3754ced63
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\searchbar__button.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\proto\tab-strip.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\bookmarks\drag_drop.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\proto\slider.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\traffic.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\visual-bookmarks.html
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\searchbar.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\sandbox\facade.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\bookmarks\updates.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\themes.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\manifest.json
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\bookmarks\layout.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\proto\informer.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\weather.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\utils\utils.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\currency.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\news.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\odnoklassniki-counter.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\bookmarks\remove-dialog.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\main.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\geo-monitoring.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\libs\knockout-2.2.1.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\skin\vb-logo.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\bookmarks\edit-dialog.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\libs\suggests.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\proto\pane.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\install.rdf
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\modules\mail-counter.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\05.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\config\config.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\application_core\visibleTab.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\application_core\sqliteStorage.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\10.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\google-analytics.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\03.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\11.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\09.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\application_core\jquery-core.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\thumbnails\news.mail.ru.jpeg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\thumbnails\calendar.mail.ru.jpeg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\07.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\application_core\file-system.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\08.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\thumbnails\games.mail.ru.jpeg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\thumbnails\torg.mail.ru.jpeg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\libs\jquery-ui.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\06.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\js\libs\jquery.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\thumbnails\mail.ru.jpeg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\01.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\04.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\thumbnails\travel.mail.ru.jpeg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\wood_2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\weather\02.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\_flax.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-ok.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\wall.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-11.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-4.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-9.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\themes__arrow-right.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-10.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\_cookies.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-7.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-8.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\leather.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\cookies.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\leather.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\wood.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\_wall.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-3.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\themes__theme-fade-wrong.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-8.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-6.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-6.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\fabric.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\wood.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-13.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\_fabric.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\_mosaic.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\themes__arrow-left.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-5.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-7.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-1.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\flax.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\mosaic.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\wood_2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\preview\body__bg-9.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-5.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\p-main_sub__gradient.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\slider-arrow.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\search_bg.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\searchbar.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-13.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\slide__control\slide__control-edit-hover.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\menu__item\menu__item-1.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\reg1.bg.v2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-10.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\pane-arrow.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\multiauth.gif
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-1.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-4.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\logo_bg.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\loader.gif
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\slide__control\slide__control-delete-hover.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\ProgramData\Mail.Ru\Id
text
MD5: 5793044967fb17c779cf362faa4d11f1
SHA256: 92ee27f9429a0db4109af9f5cde40694ccbbedaea0f709590d1413e88887936c
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-11.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\sgmus.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\11.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\no_photo.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\menu__item\menu__item-3.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\loading.gif
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\themes\body__bg-3.jpg
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\menu__item\menu__item-4.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\logo.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\menu__item\menu__item-2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\leftright.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\48x48.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\09.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\128x128.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\10.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\01.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\exchange\exchange-2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\07.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\close.v2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\tabs.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\04.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\16x16.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\exchange\exchange-3.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\exchange\exchange-1.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\06.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\ajax_loader_mc.gif
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\08.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\03.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\05.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\favicon.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\add_button.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\cross.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\dialog\close.v2.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\weather\02.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\informers\traffic\informers__traffic-jam.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\images\clock.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\themes.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\suggests.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\grid.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\overlay.xul
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\menu.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\searchbar.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\META-INF\mozilla.sf
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\main.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\META-INF\manifest.mf
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\splash.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\slide.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\background\background.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome.manifest
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\dialog.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\general.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\background\modules.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\informers.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\loader.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\news.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\css\customScrollbar.css
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\fx-metrics.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\newtabhomepage.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\visual-bookmarks\background\background.html
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\META-INF\mozilla.rsa
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\chrome\content\Utils.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\05b4-d83a-5ca2-51a3
compressed
MD5: b202bd9e8f900229dcafe0e1be0f2da2
SHA256: fc7b7993129eefa2f5188aee98216f242d1b00d8f11368221632bf2d3ef828b3
884
search (1).exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 90686ef4c0f34f6fba5b162f95aefecb
SHA256: 6186c43bea58f844dbe39dccf2eb895cc127a02fcbe82d6bbae6a6b88e1aef7a
884
search (1).exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\Report\84103
binary
MD5: d4d249bdb84b856e6ca4341fc805ae66
SHA256: 34dc149de55b33ea6b2863e8f9669817000ca82894d023eacba40b6d92d222c1
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: 5f842a12f8f53c240c90067fab31f64c
SHA256: 80a05be38e9613884a0bddfbf31a21f920a2fb22ae1279b41a0c859865601050
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\[email protected]
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\skin\mail48.png
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\install.rdf
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\chrome.manifest
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\content\loader.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\content\fx-metrics.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\META-INF\mozilla.sf
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\META-INF\mozilla.rsa
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\bootstrap.js
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\ed1b-ea66-7d6a-ed33\META-INF\manifest.mf
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\0c32-7e4c-6370-79b6
compressed
MD5: 6d0d86bb797a582f21515261b5a3597d
SHA256: 4312c50c50208d01079ab57b432123dbf753ccf779180a3ae6f2c2a5e69b9ac9
884
search (1).exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 3366d8ee16495d2990360151a7071150
SHA256: da0b3d48f4425e27c71c3cce3eefffbbe02355c1b6aa899d892ee7c4d50f1d5e
884
search (1).exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
text
MD5: e9e4a515ddaceaa991a1a53e700836cc
SHA256: 5715f1fd1842a264f1856e48400609903fde1dacb84a1ef709f45fc4c06ad8c9
884
search (1).exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\GoMailRu.ico
image
MD5: e5faced6e6cac09f6a017df29a216eb9
SHA256: cf9eb0fe589f003b5205b28f744fd583a7e2dd270a190ca0624387b9d76cc81b
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\MailRu.ico
image
MD5: 5796636702da24aac30acab300120ab6
SHA256: e78df4d7244f6dcd58a6a7e1faae2f03b503cdc351bb830c6018a49e2a85a2b4
884
search (1).exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 6f55a897a1941fced4fa0a5bcdcb7421
SHA256: 25b5ac1322bb2fc4f3d6237d704d710d3b99344f831f471b6d086970a10e1581
884
search (1).exe
C:\Windows\System32\GroupPolicy\gpt.ini
text
MD5: 0e784516f2abedfd88a7f2d4810fdfd9
SHA256: a5126a1be173ee7ee43a7c23d49422449538e17795bebf772d488c535de86fe7
884
search (1).exe
C:\Windows\System32\GroupPolicy\GPT.INI
text
MD5: 0e784516f2abedfd88a7f2d4810fdfd9
SHA256: a5126a1be173ee7ee43a7c23d49422449538e17795bebf772d488c535de86fe7
884
search (1).exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search-metadata.json
text
MD5: 5fe3a1f513a43effe74696abbd150720
SHA256: fc38912c32c3748fc55346281b28ecedcc4b2d56cd6bef43b15971b52bf5f6df
1216
search (1).exe
C:\Windows\System32\GroupPolicy\gpt.ini
text
MD5: 0d210c5b46142912ac25b527969bb446
SHA256: 6dd1a2813c317c320c22e5980b99ed8545ee764c7b0e1ce3b632f54f2dcd8038
884
search (1).exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\Report\3DD21
binary
MD5: 8381406ead7279acb246eb97da5db376
SHA256: ab532f57ce145fce750450baa640513a3dce7727022051bd9d9940a92b8a1cc6
884
search (1).exe
C:\Windows\System32\GroupPolicy\gpt.ini
text
MD5: 0d210c5b46142912ac25b527969bb446
SHA256: 6dd1a2813c317c320c22e5980b99ed8545ee764c7b0e1ce3b632f54f2dcd8038
884
search (1).exe
C:\Users\admin\Favorites\Mail.Ru Агент - используй для общения!.url
text
MD5: c748e3c222863e590bed515baa1fd2bb
SHA256: 01ab0b618cbe81bd8602b21ad10b20953dd4c7ce635e136fd7a40688a93178fe
884
search (1).exe
C:\Users\admin\Favorites\Mail.Ru.url
text
MD5: c48288674af90ab27b68ecb1f025a6a5
SHA256: b178fe4c547accd2c899e9cda5a7cd359b1cdf6d0209da211f09b0d76e810e61
884
search (1).exe
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
binary
MD5: db4a7ed73d5af65fc281002cd6f2d1d9
SHA256: 32f4408d218a4644b98ddcee2919dc8b185a7551c6e59d9a66adfdc871b32e3d
884
search (1).exe
C:\Windows\System32\GroupPolicy\GPT.INI
text
MD5: 0d210c5b46142912ac25b527969bb446
SHA256: 6dd1a2813c317c320c22e5980b99ed8545ee764c7b0e1ce3b632f54f2dcd8038
884
search (1).exe
C:\Windows\System32\GroupPolicy\User\Registry.pol
binary
MD5: 8e1b08222f20e45a3e8db04c569f9cb7
SHA256: 5bb1f21f806938a043563024b13b33d74a2b95b767c5f81bde8456e9d0413a89
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\ie.reg
text
MD5: 5baf35c179cd90e85f7f32b51c5ce2b9
SHA256: 86960aa4a276ba2eb75796e5a05c071e68e43b3a61ee627e4184c56f026d622a
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 861685c7344c5271304cb4fe9eed7be1
SHA256: 1b3e961a1b65afa89b3443f04d4daaa499af2172a7c14525b4b485948d03a767
884
search (1).exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\Report\C4C31
binary
MD5: afb485460639f6662d7c29312e9c1a19
SHA256: 9c874ddc279c681f98e8e851259283e4f99190d7dae757835dd31c75f190502b
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: 25392c5b669bd491056603b536507d6c
SHA256: 539af5663d4359a8ea69c7aac5ae11fb272a6797883395ea765658cc07d1e452
884
search (1).exe
C:\Users\admin\AppData\Local\Temp\6ec6-8ae3-52f3-2f5a\mrsearch
compressed
MD5: 88d0066d2934121ca8d3f05794d932e2
SHA256: 85f72afbb60794b9c9cfb5c622d29a88c94ab4574ff2a0f2b8d129f873149d29
3304
cscript.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk
lnk
MD5: bd06a070b14513257a8df554fc4b7569
SHA256: 1950aebcabdb7d56f3d63af32be5913251819868b4f2f017f502888432bb43db
884
search (1).exe
C:\Windows\System32\GroupPolicy\gpt.ini
text
MD5: 6427e1627fb697e73df506a2b5f77d72
SHA256: 3d7852515a0bf5fb21e7bd617587b28631bf49dfe21ba731d567c4c55a6f2f16
884
search (1).exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: 0728ba0f0dc270ce2a4bddf09a9d5414
SHA256: 493af41de90b468ced15af2e1e626695d6635b018112e324693c3791ce00769e
884
search (1).exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
text
MD5: 606784a41e29791bc11fe8431c73da1d
SHA256: 06d2c85b2f0cc20cdf5ca78cfc3a284afcb9f17e5df364502bc4a7899684bc9e
884
search (1).exe
C:\Users\admin\AppData\Roaming\Opera\Opera\search.ini
ini
MD5: 62a6088b37a0b42ec9902d1900d14c4a
SHA256: 44771e9699c16851a759d9352e9da48bf3a80840baf1c9b803b96e48716a50fb
884
search (1).exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
text
MD5: bfa0618f6377d87cf7bf1df4b04c2eb6
SHA256: b5bf034fc0bc4fd40bb6dd7b427fedc7933e98a4ac289e67998f186156cd7488
1216
search (1).exe
C:\Users\admin\AppData\Local\Temp\Mail.Ru.lnk
lnk
MD5: bd06a070b14513257a8df554fc4b7569
SHA256: 1950aebcabdb7d56f3d63af32be5913251819868b4f2f017f502888432bb43db
1216
search (1).exe
C:\Users\admin\AppData\Local\Temp\shortcut.js
text
MD5: 30c7329ea2ad7d5755615483a06db9bd
SHA256: 62adf3ad3c635d386e0f322c720f3202780601b62c7d6a0787485e5b06c0c21c
1216
search (1).exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\MailRu.ico
image
MD5: e7cfa1bfe9c13a86691e861681d849ae
SHA256: 2311a2efa572b3149cb6c662c894ebf09a591eb50b3c792c5bc14aa7065b078b
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\searchplugins\mailru.xml
text
MD5: 3f7deba9bc76f24135cc146bea11be02
SHA256: 28050d0cb0521ad10647918a6b98f0503777166d387e078227dbad3ef7c4ca4e
884
search (1).exe
C:\Users\admin\Desktop\Искать в Интернете.url
text
MD5: 7738f10ef0a5bab83f502703b8a0a221
SHA256: a7c4417bddcfaa22d978f1e39a8a54fb583bb2bdee89a0050214934ef0caa349
884
search (1).exe
C:\Users\admin\AppData\Local\Mail.Ru\GoMailRu.ico
image
MD5: e7cfa1bfe9c13a86691e861681d849ae
SHA256: 2311a2efa572b3149cb6c662c894ebf09a591eb50b3c792c5bc14aa7065b078b
884
search (1).exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.tmp
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
32
TCP/UDP connections
37
DNS requests
10
Threats
19

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
884 search (1).exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=install&GUID=%7BD7A76D48-7FDF-42A7-9EEC-529D82C170E8%7D&tool=sputnik&bgn=1&standalone=1&masterid=%7BB74C1B9B-0D6E-4655-BAE0-252B8AA356CE%7D&user_id=%7B37291874-0C3D-4CBF-B508-BCD5860D91AB%7D&osver=7&osbit=32&osvernum=6.1&ossp=ServicePack1&uac=1&admin=1&ver=2.22.1.129&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=8&elapsed_time=0&ch_secpref=1&ch_sync_settings=0&ch_sync_ext=0&rfr=&rfr_dse=&rfr_hp=&rfr_vbm=&mr_service=0 RU
––
––
malicious
884 search (1).exe GET 503 217.69.139.247:80 http://xml.binupdate.mail.ru/cache_policy.mrdj RU
html
shared
884 search (1).exe GET 200 217.69.139.247:80 http://xml.binupdate.mail.ru/sputnik/spmrids.mrdj RU
binary
shared
1216 search (1).exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=install&GUID=%7B9C901476-BFB2-4FC6-9A5D-9C3936CDE8A2%7D&tool=sputnik&uacpass=1&standalone=1&uacenabled=1&masterid=%7BB74C1B9B-0D6E-4655-BAE0-252B8AA356CE%7D&user_id=%7B37291874-0C3D-4CBF-B508-BCD5860D91AB%7D&osver=7&osbit=32&osvernum=6.1&ossp=ServicePack1&uac=1&admin=1&ver=2.22.1.129&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=6&elapsed_time=0&ch_secpref=1&ch_sync_settings=0&ch_sync_ext=0&rfr=&rfr_dse=&rfr_hp=&rfr_vbm=&mr_service=0 RU
––
––
malicious
884 search (1).exe GET 200 217.69.139.247:80 http://xml.binupdate.mail.ru/sputnik/spmrids.mrdj RU
binary
shared
884 search (1).exe GET 200 94.100.180.110:80 http://xtnmailru.cdnmail.ru/go_iedse2.7z RU
compressed
malicious
1216 search (1).exe GET –– 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=install&GUID=%7B9C901476-BFB2-4FC6-9A5D-9C3936CDE8A2%7D&tool=sputnik&success=1&ieovr=0&ffvbm=0&br=ie&brver=8.00&masterid=%7BB74C1B9B-0D6E-4655-BAE0-252B8AA356CE%7D&user_id=%7B37291874-0C3D-4CBF-B508-BCD5860D91AB%7D&osver=7&osbit=32&osvernum=6.1&ossp=ServicePack1&uac=1&admin=1&ver=2.22.1.129&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=9&elapsed_time=3&ch_secpref=1&ch_sync_settings=0&ch_sync_ext=0&rfr=&rfr_dse=&rfr_hp=&rfr_vbm=&mr_service=0 RU
––
––
malicious
1216 search (1).exe GET 503 217.69.139.247:80 http://xml.binupdate.mail.ru/cache_policy.mrdj RU
html
shared
1216 search (1).exe GET 200 217.69.139.247:80 http://xml.binupdate.mail.ru/guard/mrids.mrdj?masterid=%7BB74C1B9B-0D6E-4655-BAE0-252B8AA356CE%7D&user_id=%7B37291874-0C3D-4CBF-B508-BCD5860D91AB%7D&osver=7&osbit=32&osvernum=6.1&ossp=ServicePack1&uac=1&admin=1&ver=2.22.1.129&tool=sputnik&guid=%7B9C901476-BFB2-4FC6-9A5D-9C3936CDE8A2%7D&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=9&elapsed_time=3&ch_secpref=1&ch_sync_settings=0&ch_sync_ext=0&rfr=&rfr_dse=&rfr_hp=&rfr_vbm=&mr_service=0 RU
binary
shared
884 search (1).exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=dse&guid=%7BD7A76D48-7FDF-42A7-9EEC-529D82C170E8%7D&sig=423316123&br=ie&ovr=0&ovr_extid=&ext_act=&tool=sputnik&masterid=%7BB74C1B9B-0D6E-4655-BAE0-252B8AA356CE%7D&user_id=%7B37291874-0C3D-4CBF-B508-BCD5860D91AB%7D&osver=7&osbit=32&osvernum=6.1&ossp=ServicePack1&uac=1&admin=1&ver=2.22.1.129&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=0&comp_mem=3583&tool_mem=13&elapsed_time=25&ch_secpref=1&ch_sync_settings=0&ch_sync_ext=0&rfr=&rfr_dse=&rfr_hp=&rfr_vbm=&mr_service=0 RU
––
––
malicious

Connections

PID Process IP ASN CN Reputation
884 search (1).exe 217.69.139.110:80 Limited liability company Mail.Ru RU malicious
884 search (1).exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
884 search (1).exe 217.69.139.247:80 Limited liability company Mail.Ru RU malicious
884 search (1).exe 94.100.180.110:80 Limited liability company Mail.Ru RU suspicious
1216 search (1).exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1216 search (1).exe 217.69.139.247:80 Limited liability company Mail.Ru RU malicious

DNS requests

Domain IP Reputation
mailruupdater.cdnmail.ru 217.69.139.110 malicious
mrds.mail.ru 217.69.139.245 malicious
xml.binupdate.mail.ru 217.69.139.247 shared
xtnmailru.cdnmail.ru 94.100.180.110 malicious

Threats

PID Process Class Message
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET TROJAN W32/Fullstuff Initial Checkin
1216 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
1216 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
1216 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
1216 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
884 search (1).exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)

Debug output strings

Process Message
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>
search (1).exe sAbsolutePath: <C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\5837-6494-dc8c-7a56\lib\version.js>