General Info

File name

SAMPLE.zip

Full analysis
https://app.any.run/tasks/d02c6fab-b866-4b30-8567-01214da2f36c
Verdict
Malicious activity
Analysis date
7/11/2019, 22:50:42
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

adware

pup

Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

a5942ce6165e7f6fdc34fd3d75cc7f84

SHA1

1874aaf88b7591d092328e3095070c449c88efdf

SHA256

d84d470453cde79f2dc9fb7f0242f0019e72dbc5c24492cd552855a0b95eef4c

SSDEEP

24576:G9VMZZHiPhu/uPfW9Xb+Y651w6BzlJJrcgsOI6cldYIyXyZP:6V2iZu/uXW2GCBjrcNOJZI6yZP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • MailRuUpdater.exe (PID: 3400)
  • MailRuUpdater.exe (PID: 2360)
  • MailRuUpdater.exe (PID: 1916)
  • MailRuUpdater.exe (PID: 2464)
  • MailRuUpdater.exe (PID: 1636)
  • 768b-df4b-a225-e7e2 (PID: 2828)
  • mrupdsrv.exe (PID: 3800)
  • MailRuUpdater.exe (PID: 1312)
  • MailRuUpdater.exe (PID: 2972)
  • na_runner.exe (PID: 1468)
  • mail.exe (PID: 3404)
  • mail.exe (PID: 3772)
Loads the Task Scheduler COM API
  • MailRuUpdater.exe (PID: 2360)
  • na_runner.exe (PID: 1468)
Changes the autorun value in the registry
  • MailRuUpdater.exe (PID: 2360)
  • mail.exe (PID: 3404)
  • na_runner.exe (PID: 1468)
Loads dropped or rewritten executable
  • regsvr32.exe (PID: 2264)
Disables Windows Defender
  • mail.exe (PID: 3404)
Connects to CnC server
  • MailRuUpdater.exe (PID: 2972)
  • mail.exe (PID: 3404)
Registers / Runs the DLL via REGSVR32.EXE
  • mail.exe (PID: 3404)
MAILRU was detected
  • MailRuUpdater.exe (PID: 2972)
  • mail.exe (PID: 3404)
Changes Windows auto-update feature
  • mail.exe (PID: 3404)
Executable content was dropped or overwritten
  • MailRuUpdater.exe (PID: 2360)
  • MailRuUpdater.exe (PID: 1312)
  • MailRuUpdater.exe (PID: 1916)
  • regsvr32.exe (PID: 2264)
  • 768b-df4b-a225-e7e2 (PID: 2828)
  • MailRuUpdater.exe (PID: 2972)
  • na_runner.exe (PID: 1468)
  • mail.exe (PID: 3404)
Changes the started page of IE
  • mail.exe (PID: 3404)
Removes files from Windows directory
  • MailRuUpdater.exe (PID: 1916)
  • MailRuUpdater.exe (PID: 1636)
  • MailRuUpdater.exe (PID: 2972)
Creates a software uninstall entry
  • MailRuUpdater.exe (PID: 2360)
  • na_runner.exe (PID: 1468)
Starts itself from another location
  • MailRuUpdater.exe (PID: 2360)
  • na_runner.exe (PID: 1468)
Executed as Windows Service
  • MailRuUpdater.exe (PID: 1636)
  • mrupdsrv.exe (PID: 3800)
  • MailRuUpdater.exe (PID: 2464)
  • MailRuUpdater.exe (PID: 2972)
Creates files in the Windows directory
  • mail.exe (PID: 3404)
  • mrupdsrv.exe (PID: 3800)
  • MailRuUpdater.exe (PID: 2972)
Creates COM task schedule object
  • regsvr32.exe (PID: 2264)
Starts application with an unusual extension
  • MailRuUpdater.exe (PID: 2972)
Creates files in the program directory
  • 768b-df4b-a225-e7e2 (PID: 2828)
  • na_runner.exe (PID: 1468)
  • MailRuUpdater.exe (PID: 1312)
  • mail.exe (PID: 3404)
Creates files in the user directory
  • MailRuUpdater.exe (PID: 1312)
  • mail.exe (PID: 3404)
Reads the cookies of Mozilla Firefox
  • mail.exe (PID: 3404)
Reads the cookies of Google Chrome
  • mail.exe (PID: 3404)
Application launched itself
  • mail.exe (PID: 3772)
Reads settings of System Certificates
  • MailRuUpdater.exe (PID: 3400)
  • MailRuUpdater.exe (PID: 1312)
Manual execution by user
  • mail.exe (PID: 3772)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
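The behavior list above is a set of signature names; what a responder actually works from is the process table further down (PID, parent, user, integrity level, image path, command line). The following is an added triage example, not ANY.RUN's own code, that transcribes this report's process records and re-derives four of the listed behaviors from them: the MEDIUM-to-HIGH step of mail.exe --elevation (which the launch option "Autoconfirmation of UAC: on" let through without a prompt), regsvr32.exe registering a DLL from a user-writable profile path, the extensionless binary run from C:\Windows\TEMP, and SYSTEM-level processes whose image lives under an AppData profile path. The report names each parent only by image; the parent PIDs below are inferred from the module lists and are an assumption.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import ntpath

# Windows integrity levels ordered from least to most privileged.
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None where the report shows no parent ("--")
    user: str
    integrity: str
    image: str
    cmdline: str


# Process records transcribed from this report's "Process information" section.
# Parent PIDs are inferred from the module lists (assumption); the report itself
# only names the parent image.
PROCS = [
    Proc(2708, None, "admin", "MEDIUM", r"C:\Program Files\WinRAR\WinRAR.exe",
         r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SAMPLE.zip"'),
    Proc(3772, None, "admin", "MEDIUM", r"C:\Users\admin\Desktop\mail.exe",
         r'"C:\Users\admin\Desktop\mail.exe"'),
    Proc(3404, 3772, "admin", "HIGH", r"C:\Users\admin\Desktop\mail.exe",
         r'"C:\Users\admin\Desktop\mail.exe" --elevation'),
    Proc(1468, 3404, "admin", "HIGH",
         r"C:\Users\admin\AppData\Local\Temp\3c61-94c9-4d98-ebcb\na_runner.exe",
         r'"C:\Users\admin\AppData\Local\Temp\3c61-94c9-4d98-ebcb\na_runner.exe" --install'),
    Proc(2264, 3404, "admin", "HIGH", r"C:\Windows\System32\regsvr32.exe",
         r'"C:\Windows\System32\regsvr32.exe" /s "C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll"'),
    Proc(2972, None, "SYSTEM", "SYSTEM",
         r"C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe",
         r'"C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe" --s'),
    Proc(2828, 2972, "SYSTEM", "SYSTEM", r"C:\Windows\TEMP\768b-df4b-a225-e7e2",
         r'"C:\Windows\TEMP\768b-df4b-a225-e7e2" --install'),
    Proc(1916, 2972, "SYSTEM", "SYSTEM",
         r"C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85_d\MailRuUpdater.exe",
         r'"C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85_d\MailRuUpdater.exe" --us'),
]

Rule = Callable[[Proc, Dict[int, Proc]], Optional[str]]


def rule_integrity_elevation(p: Proc, by_pid: Dict[int, Proc]) -> Optional[str]:
    """Child runs at a higher integrity level than its (known) parent."""
    parent = by_pid.get(p.ppid) if p.ppid is not None else None
    if parent and INTEGRITY[p.integrity] > INTEGRITY[parent.integrity]:
        return f"integrity {parent.integrity} -> {p.integrity} from parent pid {parent.pid}"
    return None


def rule_regsvr32_user_writable(p: Proc, by_pid: Dict[int, Proc]) -> Optional[str]:
    """regsvr32.exe pointed at a DLL under a user profile (AppData) path."""
    if ntpath.basename(p.image).lower() == "regsvr32.exe" and "\\appdata\\" in p.cmdline.lower():
        return "regsvr32 registering a DLL from a user-writable profile path"
    return None


def rule_extensionless_image(p: Proc, by_pid: Dict[int, Proc]) -> Optional[str]:
    """Image with no file extension executed out of a TEMP directory."""
    if "." not in ntpath.basename(p.image) and "\\temp\\" in p.image.lower():
        return "extensionless executable run from a TEMP directory"
    return None


def rule_system_from_profile(p: Proc, by_pid: Dict[int, Proc]) -> Optional[str]:
    """SYSTEM-account process whose image is under an AppData path."""
    if p.user == "SYSTEM" and "\\appdata\\" in p.image.lower():
        return "SYSTEM-level process image under an AppData profile path"
    return None


RULES: List[Rule] = [rule_integrity_elevation, rule_regsvr32_user_writable,
                     rule_extensionless_image, rule_system_from_profile]


def triage(procs: List[Proc]) -> Dict[int, List[str]]:
    """Run every rule over every process; return {pid: [finding, ...]} for hits only."""
    by_pid = {p.pid: p for p in procs}
    findings: Dict[int, List[str]] = {}
    for p in procs:
        hits = [msg for rule in RULES for msg in [rule(p, by_pid)] if msg]
        if hits:
            findings[p.pid] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in triage(PROCS).items():
        for hit in hits:
            print(f"PID {pid}: {hit}")
```

The rules are deliberately path- and level-based rather than vendor-name-based, so they fire on the same shape of activity from any installer: a MEDIUM process spawning a HIGH child, a signed Microsoft binary (regsvr32.exe) loading code from a writable location, and services whose binaries sit in temp or profile directories. On this report they flag PIDs 3404, 2264, 2828 and 1916 and stay silent on WinRAR (2708) and the initial mail.exe (3772).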

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
788
ZipBitFlag:
0x0001
ZipCompression:
Deflated
ZipModifyDate:
2019:07:11 20:50:12
ZipCRC:
0x0845c3e2
ZipCompressedSize:
1072075
ZipUncompressedSize:
2113312
ZipFileName:
25ceeaed228c2d7c08bad41362ad6619c243324ad8a0e05c75d3672e96373bed.bin
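Two fields in the EXIF block above deserve a second look before the archive is handled: ZipBitFlag 0x0001 has bit 0 set, which in the ZIP specification marks the entry as encrypted, so the inner .bin is password-protected and its CRC cannot be verified without the password; and the low byte of ZipRequiredVersion (788 & 0xFF = 20) is the "v2.0 to extract" that the file-info line reports. The parser below is an added example, not part of the report or of any ANY.RUN tooling: it decodes the first local file header with struct, reports those fields, and verifies the stored CRC-32 against the decompressed payload when the entry is not encrypted. The one-entry archive it inspects is constructed in memory as a fixture (it is not the SAMPLE.zip from this report), and a second copy has its flag byte patched to 0x0001 to show how the encrypted case is surfaced.

```python
import io
import struct
import zipfile
import zlib

# Local file header layout from the ZIP APPNOTE: signature, version needed,
# general-purpose bit flag, compression method, mod time, mod date, CRC-32,
# compressed size, uncompressed size, file-name length, extra-field length.
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")
LOCAL_SIG = 0x04034B50
FLAG_ENCRYPTED = 0x0001        # bit 0: entry is encrypted
FLAG_DATA_DESCRIPTOR = 0x0008  # bit 3: CRC/sizes follow the data instead
METHOD_STORED, METHOD_DEFLATED = 0, 8


def inspect_first_entry(blob: bytes) -> dict:
    """Decode the first local file header of a ZIP and verify its CRC-32.

    Returns the header fields plus 'encrypted' and 'crc_ok'. crc_ok is None
    when the payload cannot be checked (encrypted entry, unsupported method,
    or sizes deferred to a trailing data descriptor).
    """
    if len(blob) < LOCAL_HEADER.size:
        raise ValueError("too short for a local file header")
    (sig, version, flags, method, _mtime, _mdate, crc, csize, usize,
     name_len, extra_len) = LOCAL_HEADER.unpack_from(blob, 0)
    if sig != LOCAL_SIG:
        raise ValueError("no local file header at offset 0")
    name_start = LOCAL_HEADER.size
    data_start = name_start + name_len + extra_len
    name = blob[name_start:name_start + name_len].decode("utf-8", "replace")
    low = version & 0xFF  # low byte encodes the spec version, e.g. 20 -> 2.0
    info = {
        "name": name,
        "required_version": f"{low // 10}.{low % 10}",
        "flags": flags,
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "method": method,
        "crc": crc,
        "compressed_size": csize,
        "uncompressed_size": usize,
        "crc_ok": None,
    }
    if info["encrypted"] or flags & FLAG_DATA_DESCRIPTOR:
        return info  # no password / sizes not in this header: cannot verify
    payload = blob[data_start:data_start + csize]
    if method == METHOD_STORED:
        raw = payload
    elif method == METHOD_DEFLATED:
        raw = zlib.decompress(payload, -15)  # raw deflate, no zlib wrapper
    else:
        return info
    info["crc_ok"] = (zlib.crc32(raw) & 0xFFFFFFFF) == crc and len(raw) == usize
    return info


def build_sample_zip(inner_name: str, content: bytes) -> bytes:
    """Construct a one-entry deflated ZIP in memory (test fixture, not the report's sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, content)
    return buf.getvalue()


def mark_encrypted(blob: bytes) -> bytes:
    """Set bit 0 of the local header's flag field (byte offset 6) so the entry
    looks password-protected, like the report's ZipBitFlag 0x0001."""
    flags = struct.unpack_from("<H", blob, 6)[0] | FLAG_ENCRYPTED
    return blob[:6] + struct.pack("<H", flags) + blob[8:]


if __name__ == "__main__":
    sample = build_sample_zip("sample.bin", b"MZ" + b"\x00" * 4096)
    print(inspect_first_entry(sample))
    print(inspect_first_entry(mark_encrypted(sample)))
```

The parser deliberately reads only the local header, which is also where EXIF-style tools take ZipRequiredVersion and ZipBitFlag from; a full consistency check would additionally compare these fields with the central directory entry at the end of the archive, since the two can disagree in crafted files.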

Processes

Total processes
55
Monitored processes
14
Malicious processes
6
Suspicious processes
4

Behavior graph

[Interactive graph not reproduced. Nodes, in report order: winrar.exe (no specs), mail.exe (no specs), mail.exe #MAILRU, na_runner.exe, mailruupdater.exe #MAILRU, mailruupdater.exe, 768b-df4b-a225-e7e2, mrupdsrv.exe, regsvr32.exe, and five further mailruupdater.exe instances. Edges are labelled "start" or "drop and start".]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2708
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SAMPLE.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3772
CMD
"C:\Users\admin\Desktop\mail.exe"
Path
C:\Users\admin\Desktop\mail.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
sputnik
Version
5.1.0.194
Modules
Image
c:\users\admin\desktop\mail.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\version.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll

PID
3404
CMD
"C:\Users\admin\Desktop\mail.exe" --elevation
Path
C:\Users\admin\Desktop\mail.exe
Indicators
Parent process
mail.exe
User
admin
Integrity Level
HIGH
Exit code
3221225547
Version:
Company
Description
sputnik
Version
5.1.0.194
Modules
Image
c:\users\admin\desktop\mail.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\version.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\sxs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\mssprxy.dll
c:\users\admin\appdata\local\temp\3c61-94c9-4d98-ebcb\na_runner.exe
c:\windows\system32\gpedit.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\dsuiext.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\dssec.dll
c:\windows\system32\authz.dll
c:\windows\system32\dfscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\framedynos.dll
c:\users\admin\appdata\local\mail.ru\gochromiumnativehost\native_host_app.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mydocs.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\wfs.exe
c:\windows\system32\wfsr.dll

PID
1468
CMD
"C:\Users\admin\AppData\Local\Temp\3c61-94c9-4d98-ebcb\na_runner.exe" --install
Path
C:\Users\admin\AppData\Local\Temp\3c61-94c9-4d98-ebcb\na_runner.exe
Indicators
Parent process
mail.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.0.0.176
Modules
Image
c:\users\admin\appdata\local\temp\3c61-94c9-4d98-ebcb\na_runner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\mail.ru\mailruupdater.exe

PID
1312
CMD
"C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe"
Path
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
Indicators
Parent process
na_runner.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.0.0.176
Modules
Image
c:\users\admin\appdata\local\mail.ru\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\mozilla firefox\firefox.exe
c:\users\admin\appdata\local\temp\1f46-f56e-a6c4-b9a5
c:\windows\system32\apphelp.dll

PID
2972
CMD
"C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe" --s
Path
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.0.0.176
Modules
Image
c:\program files\mail.ru\mailruupdater\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\apphelp.dll
c:\windows\temp\768b-df4b-a225-e7e2
c:\windows\temp\a0b7-a7a6-3a03-da08

PID
2828
CMD
"C:\Windows\TEMP\768b-df4b-a225-e7e2" --install
Path
C:\Windows\TEMP\768b-df4b-a225-e7e2
Indicators
Parent process
MailRuUpdater.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Mail.Ru
Description
Mail.Ru Update Service
Version
3.12.0.10
Modules
Image
c:\windows\temp\768b-df4b-a225-e7e2
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\winsta.dll

PID
3800
CMD
"C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe" --s
Path
C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Mail.Ru
Description
Mail.Ru Update Service
Version
3.12.0.10
Modules
Image
c:\program files\mail.ru\update service\mrupdsrv.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll

PID
2264
CMD
"C:\Windows\System32\regsvr32.exe" /s "C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll"
Path
C:\Windows\System32\regsvr32.exe
Indicators
Parent process
mail.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\mail.ru\sputnik\ie_addon_dll.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\atl.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
2360
CMD
"C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe" --update-installation
Path
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe
Indicators
Parent process
MailRuUpdater.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.1.0.195
Modules
Image
c:\users\admin\appdata\local\mail.ru\mailruupdater\us\2d0cd78004_d\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\mail.ru\mailruupdater.exe

PID
1916
CMD
"C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85_d\MailRuUpdater.exe" --us
Path
C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85_d\MailRuUpdater.exe
Indicators
Parent process
MailRuUpdater.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
1
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.1.0.195
Modules
Image
c:\windows\system32\config\systemprofile\appdata\local\mail.ru\mailruupdater\us\336327ca85_d\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
2464
CMD
"C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe" --s
Path
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.1.0.195
Modules
Image
c:\program files\mail.ru\mailruupdater\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
3400
CMD
"C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe"
Path
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
Indicators
Parent process
MailRuUpdater.exe
User
admin
Integrity Level
HIGH
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.1.0.195
Modules
Image
c:\users\admin\appdata\local\mail.ru\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
1636
CMD
"C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe" --s
Path
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Mail.Ru
Description
Mail.Ru updater
Version
5.1.0.195
Modules
Image
c:\program files\mail.ru\mailruupdater\mailruupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

Registry activity

Total events
2077
Read events
1213
Write events
749
Delete events
115

Modification events

PID
Process
Operation
Key
Name
Value
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2708
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\SAMPLE.zip
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2708
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3772
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3772
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}User
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows Defender
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}User
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows Defender
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}User
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows Defender
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}User
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows Defender
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}User
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows Defender
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}User
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows Defender
3404
mail.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech
UserID
{A393C707-0C17-490F-946A-88557E5D9868}
3404
mail.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3404
mail.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
3404
mail.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
3404
mail.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-4
Mail recipient
3404
mail.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Favorites
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesChanges
10
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesVersion
2
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
62
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
63
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
64
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
65
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
66
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
mailruhomesearch
"C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3B92558C-ED6E-4739-805C-B4835927D652}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iepoegkaoeljnbhagabakjodgpfniimo
update_url
https://clients2.google.com/service/update2/crx
3404
mail.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hjdkfkdkokphfploiiddakjokndinfgb
update_url
https://clients2.google.com/service/update2/crx
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A003EF2C-7D69-48A1-9409-FF134ED63CC5}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{B356C463-D273-4122-AD4C-CECE0A7C5FDE}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ExternalES\ch\iepoegkaoeljnbhagabakjodgpfniimo
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ExternalES\ch\hjdkfkdkokphfploiiddakjokndinfgb
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
C:\Users\admin\AppData\Local\Mail.Ru\GoChromiumNativeHost\manifest.json
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech
avedte
5A36D0FE6048590997E3F11C1AB7B9E39C49A22308F19254A51B95A977597E83E9A737F4DACE7FB1C6AD52BB62E34742484E7CDB6072C690
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ExternalES\ff\[email protected]
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ExternalES\ff\[email protected]
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ExternalES\ff\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
C:\Users\admin\AppData\Local\Mail.Ru\GoChromiumNativeHost\manifest_ff.json
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech
avedte
5A36D0FE6048590997E3F11C1AB7B9E39C49A22308F19254A51B95A977597E83E9A737F4DACE7FB1C6AD52BB62E34742FD640A9336367642
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8CF376AD-75CE-44A5-B009-3932CF845BA7}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3404
mail.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\WFS.exe
Microsoft Windows Fax and Scan
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions
{8E8F97CD-60B5-456F-A201-73065652D099}
51667A6C4C1D3B1BDD889E9780330101B90A394657149585
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
DisplayName
Поиск@Mail.Ru
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
URL
https://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BC9034A02-2265-4A61-B29E-46EB41FA4B02%7D&gp=
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
FaviconURLFallback
https://go.mail.ru/favicon.ico
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
ShowSearchSuggestions
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
SuggestionsURL
https://suggests.go.mail.ru/ie8?q={searchTerms}
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
https://mail.ru/cnt/10445?gp=
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{0B160B06-E0C7-4EE9-9D8A-022B9965629B}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{13F90F3F-51DD-4D5E-A1B9-D396DAB416C4}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ExternalES\ie\{8E8F97CD-60B5-456F-A201-73065652D099}
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
3404
mail.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech
avedte
5A36D0FE6048590997E3F11C1AB7B9E39C49A22308F19254A51B95A977597E83E9A737F4DACE7FB13487E511A5716F11C8CB2A413061D453
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
na_runner.exe
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Settings
GUID
{91B7B558-A0A9-4458-8233-76AA3D25226A}
1468
na_runner.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Mail.Ru\Updater
GUID
{91B7B558-A0A9-4458-8233-76AA3D25226A}
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
UninstallString
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe uninstall
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
DisplayName
Служба автоматического обновления программ
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
Publisher
Mail.Ru
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
DisplayIcon
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
InstallLocation
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
VersionMajor
5
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
VersionMinor
0
1468
na_runner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MailRuUpdater
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
1312
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
1312
MailRuUpdater.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
1312
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ptls\{2AB1F4AB-E3FA-4047-9033-EC223C8354F5}
finished_time
61A1275D00000000
1312
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ptls\{B202C093-6D9F-43F2-8B6C-44FC1583EFAF}
runid
10
1312
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Mail.Ru\Tech\ptls\{FC604959-8A01-4E8B-A3E5-87CEEBD6FEDB}
finished_time
61A1275D00000000
2972
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
2972
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2972
MailRuUpdater.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Mail.Ru\Tech\ptls\{84DC8324-C256-4EF5-B0DC-383B43EE77E9}\ready_items
waiter
1
2972
MailRuUpdater.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Mail.Ru\Tech\ptls\{84DC8324-C256-4EF5-B0DC-383B43EE77E9}
finished_time
65A1275D00000000
3800
mrupdsrv.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
MRSearchPlugin
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
NoExplorer
1
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
AppName
mrkeeper.exe
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
AppPath
C:\Users\admin\AppData\Local\Mail.Ru
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Policy
3
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\InprocServer32
ThreadingModel
Apartment
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\Version
1.0
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\ProgID
IESearchPlugin.MailRuBHO.1
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}\Name
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO\CLSID
{8E8F97CD-60B5-456F-A201-73065652D099}
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO\CurVer
IESearchPlugin.MailRuBHO.1
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1
2264
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1\CLSID
{8E8F97CD-60B5-456F-A201-73065652D099}
2264
regsvr32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions
{8E8F97CD-60B5-456F-A201-73065652D099}
51667A6C4C1D3B1BDD88949382330308BA03384654109082
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
UninstallString
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe uninstall
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
DisplayName
Служба автоматического обновления программ
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
Publisher
Mail.Ru
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
DisplayIcon
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
InstallLocation
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
VersionMajor
5
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater
VersionMinor
1
2360
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MailRuUpdater
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
1916
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
1916
MailRuUpdater.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Windows\TEMP\246B22CA35754C8B92927F5ACDDC6625
2464
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
2464
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3400
MailRuUpdater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
3400
MailRuUpdater.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
1636
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication
Name
MailRuUpdater.exe
1636
MailRuUpdater.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US

Files activity

Executable files
17
Suspicious files
27
Text files
79
Unknown types
7

Dropped files

PID
Process
Filename
Type
3404
mail.exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe
executable
MD5: a29c9f523b47027fb97190b908c18979
SHA256: 25ceeaed228c2d7c08bad41362ad6619c243324ad8a0e05c75d3672e96373bed
3404
mail.exe
C:\Users\admin\AppData\Local\Temp\3997-08e3-e235-3747\ie_addon_dll.dll
executable
MD5: 8c1c71d39137c7a7b2b9bdfe6eefe73c
SHA256: 1d297d91948c568edf3214eff94460c7dcf5c32a96bbee1f5adf47c3754ced63
3404
mail.exe
C:\Users\admin\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
executable
MD5: 8c1c71d39137c7a7b2b9bdfe6eefe73c
SHA256: 1d297d91948c568edf3214eff94460c7dcf5c32a96bbee1f5adf47c3754ced63
2972
MailRuUpdater.exe
C:\Windows\Temp\768b-df4b-a225-e7e2
executable
MD5: 602cd1f0dd54e83de1413705aa378803
SHA256: 8eeef659d4d3e827474b4c769436807eafedf58dc923054338cb5385dc8d3998
1916
MailRuUpdater.exe
C:\Windows\TEMP\246B22CA35754C8B92927F5ACDDC6625
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
1468
na_runner.exe
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
executable
MD5: feb798265c24beb577cb5bcd43cbd158
SHA256: d9be17d76dfb9d90246512ce89dd7aab7cf1cf94d6145429a84094614aba65e4
2360
MailRuUpdater.exe
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe_
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
1468
na_runner.exe
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
executable
MD5: feb798265c24beb577cb5bcd43cbd158
SHA256: d9be17d76dfb9d90246512ce89dd7aab7cf1cf94d6145429a84094614aba65e4
2360
MailRuUpdater.exe
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater.exe
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
3404
mail.exe
C:\Users\admin\AppData\Local\Temp\3c61-94c9-4d98-ebcb\na_runner.exe
executable
MD5: feb798265c24beb577cb5bcd43cbd158
SHA256: d9be17d76dfb9d90246512ce89dd7aab7cf1cf94d6145429a84094614aba65e4
2264
regsvr32.exe
C:\Users\admin\AppData\Local\Mail.Ru\mrkeeper.exe
executable
MD5: 2dfcf04fc94b9f268991b6344149bf7b
SHA256: b75db4bc584670986c305e1ff8df339bae96c1148c63defd2202ebe487604651
2360
MailRuUpdater.exe
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
2972
MailRuUpdater.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85_d\MailRuUpdater.exe
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
2828
768b-df4b-a225-e7e2
C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe
executable
MD5: 602cd1f0dd54e83de1413705aa378803
SHA256: 8eeef659d4d3e827474b4c769436807eafedf58dc923054338cb5385dc8d3998
1312
MailRuUpdater.exe
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004_d\MailRuUpdater.exe
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
1916
MailRuUpdater.exe
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
executable
MD5: 4ac5a9796e153b190e70e2f51e49a131
SHA256: 5530be4592507773e6ca5ef13160973824c8dcff7f4cb4f97b5b508a336c8727
3404
mail.exe
C:\Users\admin\AppData\Local\Mail.Ru\GoChromiumNativeHost\native_host_app.exe
executable
MD5: 2fd24b550e262ef2b91162f4728729d2
SHA256: 3891ff2d5620b4ee5326dcfdd50e1a34def8397579c7dbec45b296dd5727d25f
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\META-INF\mozilla.rsa
––
MD5:  ––
SHA256:  ––
3400
MailRuUpdater.exe
C:\ProgramData\Mail.ru\ifrm
binary
MD5: 84d788c79159e48b56f7331163c241ee
SHA256: 7b9f2aee0c5a930ae76f36cb850838bbd2c2ca666071583a95be237d4ce61519
1636
MailRuUpdater.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85
binary
MD5: 03a2a59bd61da53266f59bb47b0c8f76
SHA256: 8a8a633f9b635f7f3e5ccf5053c8cd1f4c8cf55cd4c4b77104c215c59c4e6839
1312
MailRuUpdater.exe
C:\ProgramData\Mail.ru\ifrm
binary
MD5: 28114aaf214b9978736d5d86f26b4897
SHA256: 4e0714a80e92a28bdd9aaad95e6291805224453e4814f8b2270c02e76e26c3b5
3400
MailRuUpdater.exe
C:\Users\admin\AppData\Local\Mail.Ru\MailRuUpdater\us\2d0cd78004
binary
MD5: 03a2a59bd61da53266f59bb47b0c8f76
SHA256: 8a8a633f9b635f7f3e5ccf5053c8cd1f4c8cf55cd4c4b77104c215c59c4e6839
3404
mail.exe
C:\Users\admin\AppData\Local\Mail.Ru\Tmp\DeferredTasks\metadata
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extension-settings.json
text
MD5: 8470f9020917993ea26db4688466bb31
SHA256: 9bfeef048c4a1882355a8d5a3fa52f3755541230c9b100f24be3a0e51865f63d
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extension-settings.json_4f05-2fb2-4230-77d8
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Local\Mail.Ru\GoChromiumNativeHost\manifest_ff.json
text
MD5: ae782db097cb8b935024c7a510b57b0d
SHA256: 5e9cadc5056144939b1f3d0263978099187ae29935af959264ca2e1fa1d396fc
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extension-settings.json_b300-4251-26e4-a510
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 8f66e48c3eb32d4ad3e562d8e3c2b9e0
SHA256: c257fdb9c1a81a4245dc59e4e2e78b8482ffbcd2ba9cb3e7969f43ef0cd9ebc4
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
jsonlz4
MD5: f5a28ad811213d5fe19fcf022d1ab957
SHA256: bc7b4602d900b36a9b20d4db6834d7f838901ff32aab4bdad7767720669b77f3
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js_2f2a-9c8c-695c-f186
––
MD5:  ––
SHA256:  ––
2464
MailRuUpdater.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Mail.Ru\MailRuUpdater\us\336327ca85
binary
MD5: 7dd052c821bc2b5edac29df10227cc17
SHA256: d43b714b8344e1ad49aab2708c12f4098cac2fb912600186c76b6e885658ba7d
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi
compressed
MD5: 3f6afa08d059ab287a16848d8e2fa668
SHA256: 8b910a2efcd98bf753a0433b86f76c1ed559791fb5c5250c29732cf8df43e30c
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: eb5985cb52ddaa40f3feed048a4c57c0
SHA256: 2f1dcbfca1e048225957f14949eb2aa5b725d035e48bd66707fdb256e3f46de9
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: 5e4322dc96fe8a68d8b6f152f9843f4e
SHA256: de8f13f32d2f27f70ad8bb49f9ce8ca159bd391e0a02f9ba02e99f09e21c5d36
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json_0656-4155-fefb-4069
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\vendors~background.bundle.js
text
MD5: aa0fc0d6a9549c5397bc623982666033
SHA256: 5bf916d40a5de961be4eb14d6864b5f359d41cb2581c03f1596be86059d2c100
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\visual-bookmarks.html
html
MD5: 92b81ef7eadaff95b995e602d9a78422
SHA256: 401d26e2b77263f5f93b64fcfe17faca6f5472aaafa76df76ec8d11bfac73471
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\vendors~app.bundle~background.bundle.css
text
MD5: 677027cf7cf024a4d66e1f42a86d169f
SHA256: 674da6648aea68ecf1903ecb58fd02d4a09877c5ba15e935da98dcf4e8ccc621
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\manifest.json
text
MD5: 476c4d4befb24e828c593e1215a06e22
SHA256: cf9ec8a1667bbc47aa8358e93b27699ed22359d546b937c8ae070623d77a7ea7
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\white-cross.png
image
MD5: 11b3a6ed2d3139ffaa551d14e4f0f615
SHA256: e3be0a74402b8de0b9c4e454b44290b5daec0a34a2247eebfd780e6b9feab2f8
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\vendors~app.bundle.js
text
MD5: ed6f873601b904634e2924fa7242a47a
SHA256: a52f14cb03c42e5609e21fad24e85a5a430ed19f3eee43985bab7e92d988a15d
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\prerender.js
text
MD5: abc47670ab92e45d55d2ba39202dd8ae
SHA256: c5e4be6a095581ca0b0ea908c83011f23db313ab55c2a64dc8c058ca9c85140b
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\vendors~app.bundle.css
text
MD5: bf83b11b069d911ef09b0ef1cd7cf43d
SHA256: 29d9f00eeb9bcabd959a6e72fa27f570066d5d108e6c3a837daa1d86bbf44a44
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\vendors~app.bundle~background.bundle.js
text
MD5: c67674555463171dc09537ce001d4052
SHA256: c6d0e06ab792c4ebc53f79680ef28f699c0791a91f6a5af7da61aed4545cff5f
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\install.rdf
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\icons\icon-16.png
image
MD5: b437c2bbb1a0c8ac48b1c811cce48618
SHA256: f474baed6ba224095201c57fcbc12ff8b89b057b39673b1e462629bb36001415
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\trash.png
image
MD5: 19b080cbfbc4265174b0f8d7a40918bf
SHA256: 6d336751b44237d5c89a177f8b4420e0fa1444be31e8be8f0084ebf26bc6e138
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\icons\icon-32.png
image
MD5: 2fef9969a9f43e7a5b0149788f79d53c
SHA256: 88c432a43604c5a6fd4db42d84d12849c93a3ce94c74c7ba42a8e3ed8705c82f
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\spinner.png
image
MD5: d1f8593465b2132bcc5d78ff6c258871
SHA256: 5c80f2023b9a895adac965fa933cee674aa9578f7c46be3c3696a68b673186fd
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\icons\icon-128.png
image
MD5: 5ca12f58df93be62819d79b4a9a8b55a
SHA256: f25f9a626cc55c318f90d205d555efc8a8c6803b9e0242d32eb150faff15beee
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\icons\icon-48.png
image
MD5: 614f150f7413761d006cdb2d4ecfba1f
SHA256: d6a7f2a87a62d84882606b10538d838cd76c8bb6847ad377597a5ae1132c067a
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\disabled-128.png
image
MD5: fc02a6f51aa9e517e9c9da89c30c139f
SHA256: 4b8171c229e47c4785b7f1be69c3f12cef07468d699df7a32d9c8ea65e74e1f0
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\black-cross.png
image
MD5: 6e8f63a0c0ec7a96d543468c81fb17d7
SHA256: 8596e18836e11b1dd4764089f169b7d2f07bc3a7bf677bbd14e0f72cba549cd5
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\background.bundle.js
text
MD5: 152104fb260a541abe6d0144e82948ec
SHA256: 71402c237191ffe722c46ba572337f571d902f87cc36416f548d81d210baa144
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\add-16.png
image
MD5: 7073def5ddd1262526c81b5b3900ecb1
SHA256: 61d416fd45c6d00b53065e151f4129d9323b7cb46be0383ce3282ba8fd60c0b7
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\added-16.png
image
MD5: 270498a9decc1d4d7ca7f04948c975ff
SHA256: d683de2cc48591f88df0db3b73cd32b7eae8ffc5b5a4495300829a5dd171e9c3
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\added-48.png
image
MD5: 5e82ae6edb9c46b11881974dc39901f1
SHA256: 283b6b212706975af6899671147f37fa49ff8f821be86e4e456f3302229ccb3c
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\added-32.png
image
MD5: c96387982cd56d76693122a4daad66e5
SHA256: a680752e2d789cfcba3cc09732de02a394079e3bf38612ea8255fe73f5600ed0
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\added-128.png
image
MD5: 0dba918af362385782e3a3e68e1cc6eb
SHA256: 02417f603ddd8695c60b2cb85680d5cd3957e64b530d97d7f6c029c9b8d2317f
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\disabled-48.png
image
MD5: be93715c8bc1551d2e5570b72433c881
SHA256: 6eb4cf30334685f79f25550c4e43cf8301cd062c6a2f7bf7b771247c323b4ea9
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\add-128.png
image
MD5: 3484c00a7cb76e57e450a4077739d78b
SHA256: 01832bcf22321542d86c7566a27cf11fdab916dfb68bf97304ee375ad8b55802
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\context_mailru-plugin.js
text
MD5: 2f547d0ca60edf327c9a1a6dea76a318
SHA256: 224297f24943fabc9a5d7a9c6dea451cfb15cd3757e2f2d406e6fd5e7e4a82a9
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\disabled-16.png
image
MD5: 1f880eb894fc869995e1def80c9295d4
SHA256: 453fccb87616ecbaf7ca3f2feb624da7582e1a594cb6e475b04d765dea01ea1b
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\add-32.png
image
MD5: fcba8fcc39961e8bdc400d9a8a50c5e1
SHA256: 985c967b1a018059d12a276f31c6d47ad9dc86c3be7abdc6bf42066ab739efdb
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\background.html
html
MD5: f5ce83430bcf152f637e6f5e2c4d042b
SHA256: 75654fb4625c85823e6e58350944e31c8a6587a7034d470dd0a634e3119fabe6
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\add-48.png
image
MD5: c99344b7e9c74561ca04204dd4f60bbf
SHA256: 6eccc64122ac46f70d7aafdbd9b8924573a58af9db775e349a95057acf254b7b
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\img\browser-action\disabled-32.png
image
MD5: ff9c29cf6e768537450d6191f15f31c6
SHA256: a36c69c19ef6cc04e13a6a19af1b17c111d577057f6c7651d69444fcef6aeb96
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\background.bundle.css
text
MD5: 8809ed6a0bf3b15223eb2b3ed6a6a313
SHA256: 00fbde9b0e8b6fd6977ce03785b8fc4e1c796ba30380368a4aea0b99d8fa7854
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\assets\resources\currency-arrow-dark-up.png
image
MD5: b7cd095ac0c10c8f7f5d833e4d20f898
SHA256: 18b15c62ec6cc12866e2ead49e90e358e9b82911c1a9cc1ab0e21c1a27bb0149
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\app.bundle.css
text
MD5: 7d96839ec095a7d92ffaad50502c1583
SHA256: 8da3737bfe79a01027b7c6523f4d2d125af64d63f8ea971c60a7e0a8d8f5bb4f
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\assets\resources\currency-arrow-light-up.png
image
MD5: cf2c2b41627138f7d1726d59593af7c5
SHA256: b28f1602662c7bf230394d887673d35633f4ac2aeeb6943f84a49459b04e1a74
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\app.bundle.js
text
MD5: 57051478106e852ca978adb1e3e44477
SHA256: 86aa13af13535accaf5e6e28fabbf629763ad92bdf9d423e1f1cd685f30d022f
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\assets\resources\currency-arrow-light-down.png
image
MD5: 607d1a59c5b9e2b250036391a402a07a
SHA256: 9a8c5484a1895088ee0c65b814c59472230583fb7832eeb06f4a98ddafd99f51
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\assets\resources\drag-arrows.png
image
MD5: 23b92cc3baaf4ec5fef2ac88c68353ce
SHA256: 2ee6d016d655bb8e1bbcab0abff8751eb63181cfc9269c60d06d4d4baacf3ec7
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\assets\resources\search-cancel-button.png
image
MD5: 4a30df74e2f0b5be3ec0d8b0b754e516
SHA256: 7964231b40cc841cc280924d26b8426456f4b1d2ebd42ee8465f12046db298c4
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\assets\img\loaded-empty.png
image
MD5: 3cb000e8ce49f1575da0c770cd957ec3
SHA256: b65cf4b73aa9314f21b60ac837aa0cb7cca724712c33c0da7cae2e05ee850f26
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\META-INF\manifest.mf
text
MD5: c47ad60ab3eda95450df6b5a3f71dff2
SHA256: 15e7897334acccc18e2c126e1f1c4c0349d743f92d8386181a9566ec53cebc63
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\_locales\ru\messages.json
text
MD5: ae80c3fc0a3b9654609fb9ee0aa31bc5
SHA256: ab9a763d5136cbc1ef71d71404d365c6278cfabc30a53965f611a683ff4aed6e
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\META-INF\mozilla.rsa
cat
MD5: b8ff8119b27d9a8904275a932eed785e
SHA256: 51e62118c2dd1e476037d474fc3beb7f06f5b39ad672f0ede86ad7642e78f08c
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\META-INF\mozilla.sf
text
MD5: 88e70c1a5459bf9f2ad7cf64a38b4496
SHA256: ad835ea8e54db14b65920e450f35bb0e3c59f14fe9458cd85b7f189c78b54172
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d0a0-a845-bb82-d59c\_locales\en\messages.json
text
MD5: d9bcae22cc0f6a486086f09dfb7bf538
SHA256: 117b48c023eb95a029b3e2721e7ca8e17faae72ad1e3ebd679331f0c69b4e5a9
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\[email protected]
compressed
MD5: 643710701dfb7b1a4d8a7b6c4d18f503
SHA256: d4de5cd3d49c6630bb9c15210d2e24302b31c87130b3dc56d8c956c7d8ffb11d
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json_932c-c43d-2c74-8a7c
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\icons\48.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\icons\16.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\icons\32.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\icons\128.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\META-INF\mozilla.sf
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\manifest.json
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\background.js
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\install.rdf
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\META-INF\manifest.mf
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\8d63-828d-07d5-97f9\META-INF\mozilla.rsa
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\[email protected]
compressed
MD5: db7398d2d930a2fd8f8c879da7659dc6
SHA256: b83e9c14d81b16d42effdfeece5a3c99a424a6a5f591d02d445c41c665e35447
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
text
MD5: f8064c84c720bd9e3cb026f966659489
SHA256: 2c19d6d67cf4ed9b66836614a2e6bceaec2b4b3c2bb65ce9889e0d14885ab7fc
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
jsonlz4
MD5: b02fce1bc171d1a549428a539314ca85
SHA256: 765ea69c4b74863e5121efb3f4e075943851cecbce029f406f02f86bed9a2708
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
ini
MD5: 59d9d6e5fe3b654a69208fb64c286d1a
SHA256: e57d457d83e5ca0085e7e3692ff8f0df3864a24c8f017686f0c1556cf67a9056
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json_881b-a61c-63fb-e6ed
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\manifest.json
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\install.rdf
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\icons\128.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\icons\32.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\icons\48.png
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\META-INF\mozilla.sf
––
MD5:  ––
SHA256:  ––
3404
mail.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions\d9b4-ac70-88e9-7061\background.js
––
MD5:  ––

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
48
TCP/UDP connections
77
DNS requests
14
Threats
16

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
––
––
malicious
3404 mail.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=component_pay&paid_action=1&paid_browser=1&br=ff&comp=hp&pay_browser_class=0&install_browser_class=0&rfr=&err_before=3%3A1&err_after=&err_install=&br_default=&browser_class1=0&browser_class2=1&extid=homepage%40mail.ru&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=15&elapsed_time=18&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&common_rfr=&install_id=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&rfr_rules=&rand=095283533465827005180791020311251&randh=4d51303030302031202020202020202020202020&chrome_ud=farKjbhVhSrwitWQfcI1%2ByRnTGHp7DQAOFAKU1vKi%2B0%3D RU
––
––
malicious
3404 mail.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=component_pay&paid_action=1&paid_browser=1&br=ff&comp=pult&pay_browser_class=0&install_browser_class=0&rfr=&err_before=3%3A1&err_after=&err_install=&br_default=&browser_class1=0&browser_class2=1&extid=%7Ba38384b3-2d1d-4f36-bc22-0f7ae402bcd7%7D&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=15&elapsed_time=18&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&common_rfr=&install_id=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&rfr_rules=&rand=095283533465827005180791020311251&randh=4d51303030302031202020202020202020202020&chrome_ud=LtuXlfXVwA1VYu%2BB4thgRxMTw2aT1fHaEv0EBTzvkD4%3D RU
––
––
malicious
3404 mail.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=prog_set&target=ie&prog=xtn_dse&event=done&error=-1&mr_ext=%7B8E8F97CD-60B5-456F-A201-73065652D099%7D&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=16&elapsed_time=25&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&common_rfr=&install_id=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&rfr_rules= RU
––
––
malicious
3404 mail.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=component_pay&paid_action=1&paid_browser=1&br=ie&comp=dse&pay_browser_class=0&install_browser_class=0&rfr=&err_before=&err_after=&err_install=&br_default=&browser_class1=0&browser_class2=1&extid=%7B8E8F97CD-60B5-456F-A201-73065652D099%7D&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=16&elapsed_time=25&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&common_rfr=&install_id=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&rfr_rules=&rand=095283533465827005180791020311251&randh=4d51303030302031202020202020202020202020&chrome_ud=VsdOp53uSQTgPvM%2B7gIPiwjHQvhnEOkXw5SKbNzEgYo%3D RU
––
––
malicious
3404 mail.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=component_pay&paid_action=1&paid_browser=1&br=ie&comp=hp&pay_browser_class=0&install_browser_class=0&rfr=&err_before=&err_after=&err_install=&br_default=&browser_class1=0&browser_class2=1&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=16&elapsed_time=25&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&common_rfr=&install_id=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&rfr_rules=&rand=095283533465827005180791020311251&randh=4d51303030302031202020202020202020202020&chrome_ud=5AI4CQR21ayAHIz5PaFUoQbke1kK0yv8x%2FVnG2%2BbaOk%3D RU
––
––
malicious
3404 mail.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=install&success=1&br=&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.194&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=16&elapsed_time=25&mr_service=0&os=win6.1&tool=sputnik&GUID=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&common_rfr=&install_id=%7B81715541-897E-47C6-BC66-277937B5D9D0%7D&rfr_rules= RU
––
––
malicious
2972 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mrupdate&result=1&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.0.0.176&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=8&elapsed_time=15&mr_service=1&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
2464 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mru_online_service&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=4&elapsed_time=0&mr_service=1&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
1916 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mru_update_service&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=5&elapsed_time=1&mr_service=0&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
2464 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=%7B901B414B-72A2-48C6-8DCD-29388B8B3E40%7D&done=1&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=8&elapsed_time=0&mr_service=1&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
2360 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mru_install&ovr=1&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=4&elapsed_time=4&mr_service=0&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
3400 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mru_online&tool=mrupdater&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=4&elapsed_time=0&mr_service=0&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D RU
––
––
malicious
2360 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mru_install_service&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=6&elapsed_time=5&mr_service=0&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
1636 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=mru_online_service&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=4&elapsed_time=0&mr_service=1&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
3400 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=%7B901B414B-72A2-48C6-8DCD-29388B8B3E40%7D&done=1&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=8&elapsed_time=0&mr_service=0&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
1636 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=%7B901B414B-72A2-48C6-8DCD-29388B8B3E40%7D&done=1&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=7&elapsed_time=1&mr_service=1&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious
3400 MailRuUpdater.exe GET 204 217.69.139.245:80 http://mrds.mail.ru/update/2/version.txt?type=task_executed&taskid=smon&masterid=%7B4170D283-1CFF-42C2-83E1-1C1522907EE1%7D&user_id=%7BA393C707-0C17-490F-946A-88557E5D9868%7D&osver=7&osbit=32&osvernum=6.1&ossp=Service%20Pack%201&uac=1&admin=1&ver=5.1.0.195&mailru_guard=0&mailru_updater=1&comp_mem=3583&tool_mem=9&elapsed_time=1&mr_service=0&os=win6.1&install_id=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&GUID=%7B91B7B558-A0A9-4458-8233-76AA3D25226A%7D&tool=mrupdater RU
––
––
malicious


Connections

PID Process IP ASN CN Reputation
3404 mail.exe 217.69.139.247:443 Limited liability company Mail.Ru RU unknown
3404 mail.exe 217.69.139.122:443 Limited liability company Mail.Ru RU unknown
3404 mail.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
3404 mail.exe 94.100.180.110:443 Limited liability company Mail.Ru RU suspicious
3404 mail.exe 217.69.139.110:443 Limited liability company Mail.Ru RU suspicious
3404 mail.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1468 na_runner.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1312 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1312 MailRuUpdater.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
1312 MailRuUpdater.exe 217.69.139.247:443 Limited liability company Mail.Ru RU unknown
2972 MailRuUpdater.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
2972 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1312 MailRuUpdater.exe 94.100.180.110:443 Limited liability company Mail.Ru RU suspicious
2972 MailRuUpdater.exe 94.100.180.110:443 Limited liability company Mail.Ru RU suspicious
2972 MailRuUpdater.exe 217.69.139.247:443 Limited liability company Mail.Ru RU unknown
3800 mrupdsrv.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
3800 mrupdsrv.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
3800 mrupdsrv.exe 217.69.139.247:80 Limited liability company Mail.Ru RU unknown
2464 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
2464 MailRuUpdater.exe 217.69.139.247:443 Limited liability company Mail.Ru RU unknown
2464 MailRuUpdater.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
1916 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
3400 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
3400 MailRuUpdater.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
3400 MailRuUpdater.exe 217.69.139.247:443 Limited liability company Mail.Ru RU unknown
2360 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1636 MailRuUpdater.exe 217.69.139.245:443 Limited liability company Mail.Ru RU malicious
1636 MailRuUpdater.exe 217.69.139.245:80 Limited liability company Mail.Ru RU malicious
1636 MailRuUpdater.exe 217.69.139.247:443 Limited liability company Mail.Ru RU unknown
–– –– 217.69.139.245:80 Limited liability company Mail.Ru RU malicious

DNS requests

Domain IP Reputation
xmlbinupdate.mail.ru 217.69.139.247 shared
conserv.go.mail.ru 217.69.139.122 malicious
mrds.mail.ru 217.69.139.245 malicious
mailruupdater.cdnmail.ru 94.100.180.110 malicious
xtnmailru.cdnmail.ru 217.69.139.110 malicious
binupdate.mail.ru 217.69.139.245 shared
gosoftdl.mail.ru 217.69.139.110 shared
xml.binupdate.mail.ru 217.69.139.247 shared

Threats

PID Process Class Message
3800 mrupdsrv.exe Misc activity ADWARE [PTsecurity] Win32/MailRuSputnik.ru Agent PUA
3800 mrupdsrv.exe Misc activity ADWARE [PTsecurity] Win32/MailRuSputnik.ru Agent PUA

14 ETPRO signatures available at the full report

Debug output strings

Process Message
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry
MailRuUpdater.exe RunAsService: Entry