
Trojan.Siggen32.7824

Added to the Dr.Web virus database: 2025-11-15

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{5f3519b8-f16b-431b-ba5e-502c73780c0a}' = '"%LOCALAPPDATA%\Package Cache\{5f3519b8-f16b-431b-ba5e-502c73780c0a}\setup-win32-bundle.exe"...
  • [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'HighStone' = '%LOCALAPPDATA%\Programs\HighStone\HighStone.exe'
Creates or modifies the following files
  • <SYSTEM32>\tasks\slap-waist
  • <SYSTEM32>\tasks\recipecleaner-s-1-5-21-4226853953-3309226944-3078887307-1000
Malicious functions
Creates and executes the following
  • '%TEMP%\is-0i40u.tmp\setup-gdgb.tmp' (downloaded from the Internet)
  • '%TEMP%\is-p4afl.tmp\downloader.exe' (downloaded from the Internet)
Executes the following
  • '%WINDIR%\syswow64\taskkill.exe' https://setstat.ru/api/savePostback?chid=%s&guid=%s&type=spTGMacro.exe
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system
Creates the following files
  • %TEMP%\5ixlrqltnh\wflkzvpyta\launcher-highstone-0.1.1.exe
  • %TEMP%\5ixlrqltnh\wfyrvm81is\downloader.exe
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\seed.txt
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\downloader.5928.log
  • %TEMP%\nso54a9.tmp\system.dll
  • %TEMP%\nso54a9.tmp\uac.dll
  • %TEMP%\nso54a9.tmp\stdutils.dll
  • %TEMP%\nso54a9.tmp\nsexec.dll
  • %TEMP%\nso54a9.tmp\inetc.dll
  • %TEMP%\5ixlrqltnh\wfjn5livqs\setup-gdgb.exe
  • %TEMP%\is-0i40u.tmp\setup-gdgb.tmp
  • %TEMP%\5ixlrqltnh\wfx8amdmzz\setup-win32-bundle.exe
  • %TEMP%\nso54a9.tmp\package.7z
  • %TEMP%\is-p4afl.tmp\_isetup\_setup64.tmp
  • %WINDIR%\temp\{94900072-5be7-46a3-a3a2-06910591e239}\.cr\setup-win32-bundle.exe
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.ba\wixstdba.dll
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.ba\thm.xml
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.ba\thm.wxl
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.ba\logo.png
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.ba\logoside.png
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.ba\bootstrapperapplicationdata.xml
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\.be\setup-win32-bundle.exe
  • %LOCALAPPDATA%\package cache\{5f3519b8-f16b-431b-ba5e-502c73780c0a}\setup-win32-bundle.exe
  • %LOCALAPPDATA%\package cache\{5f3519b8-f16b-431b-ba5e-502c73780c0a}\state.rsm
  • %TEMP%\{5b964e0e-b9a3-4276-9ed9-4d5a5720747a}\yandexsearch.msi
  • %TEMP%\yandexsearch00000.log
  • %TEMP%\is-p4afl.tmp\logo y.bmp
  • %TEMP%\is-p4afl.tmp\tgmult.zip
  • %TEMP%\vendor00000.xml
  • %APPDATA%\yandex\clids-yabrowser.xml
  • %TEMP%\clids-yasearch.xml
  • %WINDIR%\temp\~df4de3f8f4ad10de03.tmp
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\setup
  • %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\setup.r
  • %TEMP%\f0f3235e-daf7-4b92-a760-f05c60b07863\sender.exe
  • %TEMP%\0ddd8efd-7546-49a2-8c3a-8725bc925b0f\lite_installer.exe
  • %TEMP%\lite_installer.exe@3360.log
  • %TEMP%\d315a54e-bb46-4f07-aa3c-7c39bf9d7ee3\seederexe.exe
  • %TEMP%\seeder-5280.log
  • %WINDIR%\installer\sourcehash{5b964e0e-b9a3-4276-9ed9-4d5a5720747a}
  • %WINDIR%\temp\~dfbedf1d1db3e19bc4.tmp
  • %APPDATA%\yandex\ui
  • %TEMP%\tmp5280aaaaaa
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\afisha_index.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\afisha_index.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\auto-16.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\auto-16.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\auto-216x132.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\auto-32.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\auto-455x256.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\context.json
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\download.ps1
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\kinopoisk-16_32.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\mail-16.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\mail-16_32.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\mail-212x132.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\mail-32.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\mail-455x256.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\maps-16.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\maps-212x132.tr.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\maps-32.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\maps-455x256.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-16.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-16.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-212x132.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-212x132.kz.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-212x132.tr.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-212x132.ua.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-32.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-455x256.kz.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-455x256.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-455x256.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market-455x256.ua.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market_16x16.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\market_favicon.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-16.ru.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-16.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-16_32.ru.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-16_32.tr.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-216x132.ru.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-216x132.tr.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-32.ru.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-32.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-455x256.ru.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-455x256.tr.png
  • %WINDIR%\temp\~df9470a293d90236fc.tmp
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-65x26.ru.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\morda-65x26.tr.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\news-16.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\news-16.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\news-212x132.gif
  • %WINDIR%\temp\~df8f6c945b5b49a886.tmp
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\news-32.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\news-455x256.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\pinned-16_32.ru.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\pogoda_index.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\pogoda_index.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\realty-16.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\realty-16.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\realty-212x132.gif
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\realty-32.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\realty-455x256.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\sovetnik-at-metabar.json
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\sovetnik-at-metabar.xpi
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\trans_index.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\trans_index.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\travel_index.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\travel_index.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\vb-at-yandex.ru.json
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\vb-at-yandex.ru.xpi
  • %LOCALAPPDATA%\yandex\yapin\yandex.exe
  • %WINDIR%\temp\~df56b5c760a1cb8cbb.tmp
  • %WINDIR%\temp\~df4e006cfd163c172f.tmp
  • %WINDIR%\temp\~df1efaeaa5c1cb11b4.tmp
  • %WINDIR%\temp\~df0dfaf5228ace3b02.tmp
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\video_index.ico
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\video_index.png
  • %TEMP%\487d0cee-d46a-4624-a7bf-050529b05ed0\ya_favicon.ico
  • %TEMP%\tmp5280baaaaa
  • %TEMP%\tmp5280caaaaa
  • %WINDIR%\temp\~df727f5e27cefe9525.tmp
  • %TEMP%\omnija-20254114.zip
  • %WINDIR%\temp\~df96bd94fdca22698c.tmp
  • %TEMP%\is-p4afl.tmp\downloader.exe
  • %WINDIR%\temp\~df0af9d6e786a9ba7c.tmp
  • %WINDIR%\temp\~dfc2aa3768b617aa3c.tmp
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\stat.1572.log
  • %ALLUSERSPROFILE%\rustle-pool\is-i1ou7.tmp
  • %TEMP%\is-p4afl.tmp\is-llnf9.tmp
  • %TEMP%\is-p4afl.tmp\is-dd7dr.tmp
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\support-tend\slap-waist.lnk
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\support-tend\uninstall slap-waist.lnk
  • %HOMEPATH%\desktop\slap-waist.lnk
  • %APPDATA%\microsoft\internet explorer\quick launch\slap-waist.lnk
  • %ALLUSERSPROFILE%\rustle-pool\unins000.dat
  • %WINDIR%\temp\~dfa14eb98bdeb50734.tmp
  • %WINDIR%\installer\sourcehash{a532cf68-2992-4f11-a16f-83599fdadf3a}
  • %WINDIR%\temp\~df770c4abfda2804c7.tmp
  • %TEMP%\fa187915da.xml
  • %ALLUSERSPROFILE%\rustle-pool\csinputs.dll
  • %ALLUSERSPROFILE%\rustle-pool\tgmacro.exe
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-journal
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-shm
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-wal
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\downloader.3904.log
  • %TEMP%\omnija-20254214.zip
  • %TEMP%\nso54a9.tmp\nsis7z.dll
  • %TEMP%\nso54a9.tmp\7z-out\license.electron.txt
  • %TEMP%\nso54a9.tmp\7z-out\licenses.chromium.html
  • %TEMP%\nso54a9.tmp\7z-out\chrome_100_percent.pak
  • %TEMP%\nso54a9.tmp\7z-out\chrome_200_percent.pak
  • %LOCALAPPDATA%\programs\463f47\fa187915da.msi
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\downloader.1028.log
  • %TEMP%\nso54a9.tmp\7z-out\icudtl.dat
  • %TEMP%\nso54a9.tmp\7z-out\locales\af.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\am.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ar.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\bg.pak
  • %TEMP%\{3102fbde-ef35-4478-85f8-003073b2e291}.exe
  • %TEMP%\nso54a9.tmp\7z-out\locales\bn.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ca.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\cs.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\da.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\de.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\el.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\en-gb.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\en-us.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\es-419.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\es.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\et.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\fa.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\fi.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\fil.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\fr.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\gu.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\he.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\hi.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\hr.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\hu.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\id.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\it.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ja.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\kn.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ko.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\lt.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\lv.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ml.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\mr.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ms.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\nb.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\nl.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\pl.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\pt-br.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\pt-pt.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ro.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ru.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\sk.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\sl.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\sr.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\sv.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\sw.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ta.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\te.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\th.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\tr.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\uk.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\ur.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\vi.pak
  • %TEMP%\nso54a9.tmp\7z-out\locales\zh-cn.pak
  • %WINDIR%\temp\~dfb041421923cefc92.tmp
  • %TEMP%\nso54a9.tmp\7z-out\locales\zh-tw.pak
  • %WINDIR%\temp\~df001c620fbbc0b773.tmp
  • %TEMP%\nso54a9.tmp\7z-out\resources.pak
  • %TEMP%\nso54a9.tmp\7z-out\resources\app-update.yml
  • %TEMP%\nso54a9.tmp\7z-out\resources\app.asar
  • %TEMP%\nso54a9.tmp\7z-out\snapshot_blob.bin
  • %TEMP%\nso54a9.tmp\7z-out\v8_context_snapshot.bin
  • %TEMP%\nso54a9.tmp\7z-out\vk_swiftshader_icd.json
  • %APPDATA%\microsoft\installer\{a532cf68-2992-4f11-a16f-83599fdadf3a}\appicon.ico
  • %TEMP%\nso54a9.tmp\7z-out\highstone.exe
  • %WINDIR%\temp\~df2b27709f1113bf1b.tmp
  • %WINDIR%\temp\~df6def10d43b5fe871.tmp
  • %WINDIR%\temp\~dff459890206547ca8.tmp
  • %WINDIR%\temp\~df05e431126c421e11.tmp
  • %WINDIR%\temp\~df90d5cc22a8e58389.tmp
  • %WINDIR%\temp\~df7fd0966572e12115.tmp
  • %WINDIR%\temp\~df5bfc54f8c3ec338c.tmp
  • %WINDIR%\temp\~df2741570da2d3da69.tmp
  • %TEMP%\nso54a9.tmp\7z-out\d3dcompiler_47.dll
  • %TEMP%\nso54a9.tmp\7z-out\ffmpeg.dll
  • %TEMP%\nso54a9.tmp\7z-out\libegl.dll
  • %TEMP%\nso54a9.tmp\7z-out\libglesv2.dll
  • %TEMP%\nso54a9.tmp\7z-out\resources\elevate.exe
  • %TEMP%\nso54a9.tmp\7z-out\vk_swiftshader.dll
  • %TEMP%\nso54a9.tmp\7z-out\vulkan-1.dll
  • %TEMP%\5372f6b7-5ba2-4992-b3bc-1f827e28c2a5
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\prefs.js-20251114234212.491725.backup
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite-20251114234212.491725.backup
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\search.json.mozlz4-20251114234212.516084.backup
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-20251114234212.527649.backup
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\searchplugins\yandex.ru-20254214.xml
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\xulstore.json
  • %LOCALAPPDATA%\programs\highstone\chrome_100_percent.pak
  • %LOCALAPPDATA%\programs\highstone\chrome_200_percent.pak
  • %LOCALAPPDATA%\programs\highstone\d3dcompiler_47.dll
  • %LOCALAPPDATA%\programs\highstone\ffmpeg.dll
  • %LOCALAPPDATA%\programs\highstone\highstone.exe
  • %LOCALAPPDATA%\google\chrome\user data\default\favicons-20251114234213.171134.backup
  • %LOCALAPPDATA%\google\chrome\user data\default\top sites-20251114234213.171134.backup
  • %LOCALAPPDATA%\google\chrome\user data\default\history-20251114234213.171134.backup
  • %LOCALAPPDATA%\google\chrome\user data\default\bookmarks
  • %LOCALAPPDATA%\programs\highstone\icudtl.dat
  • %LOCALAPPDATA%\programs\highstone\libegl.dll
  • %LOCALAPPDATA%\programs\highstone\libglesv2.dll
  • %LOCALAPPDATA%\programs\highstone\license.electron.txt
  • %LOCALAPPDATA%\programs\highstone\licenses.chromium.html
  • %LOCALAPPDATA%\programs\highstone\resources.pak
  • %LOCALAPPDATA%\programs\highstone\snapshot_blob.bin
  • %LOCALAPPDATA%\programs\highstone\v8_context_snapshot.bin
  • %LOCALAPPDATA%\programs\highstone\vk_swiftshader.dll
  • %LOCALAPPDATA%\programs\highstone\vk_swiftshader_icd.json
  • %LOCALAPPDATA%\programs\highstone\vulkan-1.dll
  • %LOCALAPPDATA%\programs\highstone\locales\af.pak
  • %LOCALAPPDATA%\programs\highstone\locales\am.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ar.pak
  • %LOCALAPPDATA%\programs\highstone\locales\bg.pak
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\manifest-000001
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000001.dbtmp
  • %LOCALAPPDATA%\programs\highstone\locales\bn.pak
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\manifest-000002
  • %LOCALAPPDATA%\programs\highstone\locales\ca.pak
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000002.dbtmp
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\log
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000003.log
  • %LOCALAPPDATA%\programs\highstone\locales\cs.pak
  • %LOCALAPPDATA%\programs\highstone\locales\da.pak
  • %LOCALAPPDATA%\programs\highstone\locales\de.pak
  • %LOCALAPPDATA%\programs\highstone\locales\el.pak
  • %LOCALAPPDATA%\programs\highstone\locales\en-gb.pak
  • %LOCALAPPDATA%\programs\highstone\locales\en-us.pak
  • %LOCALAPPDATA%\programs\highstone\locales\es-419.pak
  • %LOCALAPPDATA%\microsoft\internet explorer\services\yandex.ru.ico
  • %LOCALAPPDATA%\microsoft\internet explorer\services\www.ya.ru.ico
  • %HOMEPATH%\favorites\links\яндекс.url
  • %LOCALAPPDATA%\programs\highstone\locales\es.pak
  • %LOCALAPPDATA%\programs\highstone\locales\et.pak
  • %LOCALAPPDATA%\programs\highstone\locales\fa.pak
  • %LOCALAPPDATA%\programs\highstone\locales\fi.pak
  • %LOCALAPPDATA%\programs\highstone\locales\fil.pak
  • %APPDATA%\opera software\opera stable\preferences-20251114234215.259824.backup
  • %LOCALAPPDATA%\programs\highstone\locales\fr.pak
  • %APPDATA%\opera software\opera stable\bookmarks-20251114234215.259824.backup
  • %APPDATA%\opera software\opera stable\history-20251114234215.259824.backup
  • %LOCALAPPDATA%\programs\highstone\locales\gu.pak
  • %APPDATA%\opera software\opera stable\bookmarksextras
  • %LOCALAPPDATA%\programs\highstone\locales\he.pak
  • %APPDATA%\opera software\opera stable\preferences-20251114234215.416581.backup
  • %APPDATA%\opera software\opera stable\bookmarks-20251114234215.416581.backup
  • %APPDATA%\opera software\opera stable\history-20251114234215.416581.backup
  • %LOCALAPPDATA%\programs\highstone\locales\hi.pak
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\prefs.js
  • %LOCALAPPDATA%\programs\highstone\locales\hr.pak
  • %LOCALAPPDATA%\programs\highstone\locales\hu.pak
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\prefs.js
  • %LOCALAPPDATA%\programs\highstone\locales\id.pak
  • %LOCALAPPDATA%\programs\highstone\locales\it.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ja.pak
  • %LOCALAPPDATA%\programs\highstone\locales\kn.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ko.pak
  • %LOCALAPPDATA%\programs\highstone\locales\lt.pak
  • %LOCALAPPDATA%\programs\highstone\locales\lv.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ml.pak
  • %LOCALAPPDATA%\programs\highstone\locales\mr.pak
  • %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\яндекс.website
  • %LOCALAPPDATA%\programs\highstone\locales\ms.pak
  • %TEMP%\yandexsearch00001.log
  • %LOCALAPPDATA%\programs\highstone\locales\nb.pak
  • %LOCALAPPDATA%\programs\highstone\locales\nl.pak
  • %LOCALAPPDATA%\programs\highstone\locales\pl.pak
  • %LOCALAPPDATA%\programs\highstone\locales\pt-br.pak
  • %LOCALAPPDATA%\programs\highstone\locales\pt-pt.pak
  • %LOCALAPPDATA%\yandex\yapin\яндекс.website
  • %LOCALAPPDATA%\yandex\yapin\yandexworking.exe
  • %LOCALAPPDATA%\programs\highstone\locales\ro.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ru.pak
  • %LOCALAPPDATA%\programs\highstone\locales\sk.pak
  • %LOCALAPPDATA%\programs\highstone\locales\sl.pak
  • %LOCALAPPDATA%\programs\highstone\locales\sr.pak
  • %LOCALAPPDATA%\programs\highstone\locales\sv.pak
  • %LOCALAPPDATA%\programs\highstone\locales\sw.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ta.pak
  • %LOCALAPPDATA%\programs\highstone\locales\te.pak
  • %LOCALAPPDATA%\programs\highstone\locales\th.pak
  • %LOCALAPPDATA%\yandex\yapin\yandex.lnk
  • %LOCALAPPDATA%\programs\highstone\locales\tr.pak
  • %LOCALAPPDATA%\programs\highstone\locales\uk.pak
  • %LOCALAPPDATA%\programs\highstone\locales\ur.pak
  • %LOCALAPPDATA%\programs\highstone\locales\vi.pak
  • %LOCALAPPDATA%\programs\highstone\locales\zh-cn.pak
  • %LOCALAPPDATA%\programs\highstone\locales\zh-tw.pak
  • %LOCALAPPDATA%\programs\highstone\resources\app-update.yml
  • %LOCALAPPDATA%\programs\highstone\resources\app.asar
  • %LOCALAPPDATA%\programs\highstone\resources\elevate.exe
  • %TEMP%\pin\explorer.exe
  • %LOCALAPPDATA%\highstone-updater\package.7z
  • %LOCALAPPDATA%\programs\highstone\uninstall highstone.exe
  • %APPDATA%\microsoft\windows\start menu\programs\highstone.lnk
  • %TEMP%\nso54a9.tmp\winshell.dll
  • %WINDIR%\temp\~df54752c5434915957.tmp
  • %HOMEPATH%\desktop\highstone.lnk
  • %TEMP%\13a10af0-2140-44df-8fe9-97e7a48222a5\sender.exe
  • %TEMP%\nsk561c.tmp
  • %TEMP%\d6216b89-6d8a-4781-a03e-3ccd584a4254\lite_installer.exe
  • %TEMP%\lite_installer.log
  • %TEMP%\partnerfile
  • %TEMP%\brandfile
  • %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\yandex.lnk
  • %TEMP%\master_preferences
  • %TEMP%\clids.xml
  • %TEMP%\website.ico
  • %TEMP%\abt_config_resource
  • %TEMP%\variations_resource
  • %TEMP%\lite_installer.exe@2952.log
  • %TEMP%\29ea40e5-7380-42c3-84fa-71413af971ad\seederexe.exe
  • %TEMP%\seeder-2692.log
  • %LOCALAPPDATA%\yandex\browsermanager\data\seedertasks\thumbsv1.json.tmp
  • %TEMP%\tmp2692aaaaaa
  • %LOCALAPPDATA%\yandex\browsermanager\data\seedertasks\thumbsv1.json
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\afisha_index.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\afisha_index.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\auto-16.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\auto-16.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\auto-216x132.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\auto-32.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\auto-455x256.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\context.json
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\download.ps1
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\kinopoisk-16_32.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\mail-16.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\mail-16_32.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\mail-212x132.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\mail-32.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\mail-455x256.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\maps-16.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\maps-212x132.tr.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\maps-32.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\maps-455x256.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-16.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-16.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-212x132.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-212x132.kz.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-212x132.tr.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-212x132.ua.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-32.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-455x256.kz.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-455x256.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-455x256.tr.png
  • %TEMP%\sender.exe@5136.log
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market-455x256.ua.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market_16x16.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\market_favicon.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-16.ru.png
  • %WINDIR%\temp\~dfd0dc3d259501b4ee.tmp
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-16.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-16_32.ru.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-16_32.tr.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-216x132.ru.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-216x132.tr.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-32.ru.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-32.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-455x256.ru.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-455x256.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-65x26.ru.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\morda-65x26.tr.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\news-16.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\news-16.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\news-212x132.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\news-32.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\news-455x256.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\pinned-16_32.ru.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\pogoda_index.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\pogoda_index.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\realty-16.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\realty-16.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\realty-212x132.gif
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\realty-32.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\realty-455x256.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\sovetnik-at-metabar.json
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\sovetnik-at-metabar.xpi
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\trans_index.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\trans_index.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\travel_index.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\travel_index.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\vb-at-yandex.ru.json
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\vb-at-yandex.ru.xpi
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\video_index.ico
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\video_index.png
  • %TEMP%\5b12c588-aebc-45cf-ad6d-7062d72296af\ya_favicon.ico
  • %WINDIR%\temp\~df58b3704d7a732420.tmp
  • %WINDIR%\temp\~df54e4440c2d573f98.tmp
  • %TEMP%\f3a50263-3b14-4cab-b2f3-e8d33dc8e5e1.tmp
  • %TEMP%\tmp2692baaaaa
  • %TEMP%\tmp2692caaaaa
  • %WINDIR%\temp\~dfc9748ddd695a41e6.tmp
  • %WINDIR%\temp\~df7d7b285cf9e9ece4.tmp
  • %WINDIR%\temp\~dfeb76e3b3fd0fafc2.tmp
  • %WINDIR%\temp\~dfdfb5716a36fe9750.tmp
  • %TEMP%\5913e2f8-3e9b-4049-b876-0ffa2c7c2f8e.tmp
  • %WINDIR%\temp\~dfbca9f1e226fb4361.tmp
  • %WINDIR%\temp\~df711e6c592d88197c.tmp
  • %WINDIR%\temp\~df494d62d8786ff31d.tmp
  • %WINDIR%\temp\~dfbf5c353f927561fd.tmp
  • %TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\stat.3940.log
  • %TEMP%\{c385dcf8-89a2-47e2-89a3-0a9314d36110}.exe
  • %TEMP%\yandexsearch00002.log
  • %WINDIR%\temp\~dfbbae42502b840a5d.tmp
  • %TEMP%\a6809f8d-8d4a-4196-add3-abc06dfecf7d\sender.exe
  • %TEMP%\f23f497b-0b79-4b7b-8c9d-6ab12472b271\lite_installer.exe
  • %TEMP%\2385da40-1299-488b-bc8f-adf818e9aa5c\seederexe.exe
  • %TEMP%\lite_installer.exe@5076.log
  • %TEMP%\seeder-5472.log
  • %WINDIR%\temp\~df0842e88919f808d9.tmp
  • %TEMP%\tmp5472aaaaaa
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\afisha_index.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\afisha_index.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\auto-16.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\auto-16.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\auto-216x132.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\auto-32.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\auto-455x256.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\context.json
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\download.ps1
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\kinopoisk-16_32.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\mail-16.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\mail-16_32.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\mail-212x132.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\mail-32.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\mail-455x256.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\maps-16.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\maps-212x132.tr.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\maps-32.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\maps-455x256.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-16.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-16.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-212x132.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-212x132.kz.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-212x132.tr.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-212x132.ua.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-32.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-455x256.kz.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-455x256.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-455x256.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market-455x256.ua.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market_16x16.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\market_favicon.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-16.ru.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-16.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-16_32.ru.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-16_32.tr.ico
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-216x132.ru.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-216x132.tr.gif
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-32.ru.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-32.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-455x256.ru.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-455x256.tr.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-65x26.ru.png
  • %TEMP%\77f64921-072f-46a4-9e90-0e60167c15cd\morda-65x26.tr.png
Deletes the following files that it created itself
Moves the following files
  • from %ALLUSERSPROFILE%\rustle-pool\is-i1ou7.tmp to %ALLUSERSPROFILE%\rustle-pool\unins000.exe
  • from %TEMP%\is-p4afl.tmp\is-llnf9.tmp to %TEMP%\is-p4afl.tmp\7za.exe
  • from %WINDIR%\temp\{46cd2248-7d84-4e5d-8e9a-5d173b6b7b6d}\setup to %LOCALAPPDATA%\package cache\.unverified\setup
  • from %LOCALAPPDATA%\package cache\.unverified\setup to %LOCALAPPDATA%\package cache\{a532cf68-2992-4f11-a16f-83599fdadf3a}v1.0.0.0\fa187915da.msi
  • from %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000001.dbtmp to %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\current
  • from %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000002.dbtmp to %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\current
  • from %TEMP%\nso54a9.tmp\package.7z to %LOCALAPPDATA%\highstone-updater\package.7z
  • from %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\log to %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\log.old
  • from %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000004.dbtmp to %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\current
  • from %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\000007.dbtmp to %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\current
Modifies the following files
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\search.json.mozlz4
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\xulstore.json
  • %APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite-wal
  • %LOCALAPPDATA%\google\chrome\user data\default\favicons-journal
  • %LOCALAPPDATA%\google\chrome\user data\default\favicons
  • %LOCALAPPDATA%\google\chrome\user data\default\top sites-journal
  • %LOCALAPPDATA%\google\chrome\user data\default\top sites
  • %LOCALAPPDATA%\google\chrome\user data\default\history-journal
  • %LOCALAPPDATA%\google\chrome\user data\default\history
  • %LOCALAPPDATA%\google\chrome\user data\default\preferences
  • %APPDATA%\opera software\opera stable\preferences
  • %APPDATA%\opera software\opera stable\bookmarks
Substitutes the following files
  • %TEMP%\vendor00000.xml
  • %TEMP%\is-p4afl.tmp\logo y.bmp
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-journal
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-shm
  • %APPDATA%\mozilla\firefox\profiles\mlxv8edx.default\places.sqlite-wal
  • %LOCALAPPDATA%\Google\Chrome\User Data\Default\Top Sites-journal
  • %LOCALAPPDATA%\Google\Chrome\User Data\Default\History-journal
  • %LOCALAPPDATA%\Google\Chrome\User Data\Default\Favicons-journal
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\current
  • %TEMP%\{5b964e0e-b9a3-4276-9ed9-4d5a5720747a}\yandexsearch.msi
  • %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\яндекс.website
  • %WINDIR%\installer\sourcehash{5b964e0e-b9a3-4276-9ed9-4d5a5720747a}
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\log
  • %LOCALAPPDATA%\yandex\browsermanager\data\seedertasks\thumbsv1.json.tmp
  • %LOCALAPPDATA%\google\chrome\user data\default\local storage\leveldb\log.old
Network activity
Connects to
TCP
HTTP GET requests
Other
UDP
Miscellaneous
Searches for the following windows
  • ClassName: '#32770' WindowName: ''
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: 'Chrome_WidgetWin_1' WindowName: ''
Creates and executes the following
  • '%TEMP%\5ixlrqltnh\wflkzvpyta\launcher-highstone-0.1.1.exe' /pid:100 /S
  • '%TEMP%\5ixlrqltnh\wfyrvm81is\downloader.exe' --partner 635492 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=n VID=863"
  • '%TEMP%\5ixlrqltnh\wfjn5livqs\setup-gdgb.exe' /verysilent
  • '%TEMP%\is-0i40u.tmp\setup-gdgb.tmp' /SL5="$B01EE,1125611,882176,%TEMP%\5IXlrqLTnh\wfjN5LIvqs\setup-gdgb.exe" /verysilent
  • '%TEMP%\5ixlrqltnh\wfx8amdmzz\setup-win32-bundle.exe' /quiet /s PartnerId=4235 Portable=1 AddToExclusion=1
  • '%WINDIR%\temp\{94900072-5be7-46a3-a3a2-06910591e239}\.cr\setup-win32-bundle.exe' -burn.clean.room="%TEMP%\5IXlrqLTnh\wfx8aMdmZZ\setup-win32-bundle.exe" -burn.filehandle.attached=520 -burn.filehandle.self=532 /quiet /s PartnerId=4235 Portable=1 AddToExclusion=1
  • '%TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe' /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=n VID=863"
  • '%TEMP%\5ixlrqltnh\wfyrvm81is\downloader.exe' --stat dwnldr/p=635492/cnt=0/dt=12/ct=0/rt=0 --dh 2172 --st 1763163689
  • '%TEMP%\0ddd8efd-7546-49a2-8c3a-8725bc925b0f\lite_installer.exe' --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_c...
  • '%TEMP%\d315a54e-bb46-4f07-aa3c-7c39bf9d7ee3\seederexe.exe' "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=...
  • '%TEMP%\is-p4afl.tmp\7za.exe' e "%TEMP%\is-P4AFL.tmp\tgmult.zip" -pvkd -y -o%ALLUSERSPROFILE%\rustle-pool
  • '%ALLUSERSPROFILE%\rustle-pool\tgmacro.exe' /trayMode
  • '%TEMP%\is-p4afl.tmp\downloader.exe' --partner 9715 --distr /quiet /msicl "YAHOMEPAGE=y YAQSEARCH=y YABROWSER=y VID=232"
  • '%TEMP%\7f4987fb1a6e43d69e3e94b29eb75926\yandexpacksetup.exe' /quiet /msicl "YAHOMEPAGE=y YAQSEARCH=y YABROWSER=y VID=232"
  • '%TEMP%\is-p4afl.tmp\downloader.exe' --stat dwnldr/p=9715/cnt=0/dt=11/ct=0/rt=0 --dh 2196 --st 1763163734
  • '%LOCALAPPDATA%\yandex\yapin\yandex.exe' --silent --pin-taskbar=y --pin-desktop=n
  • '%TEMP%\pin\explorer.exe' --silent --pin-taskbar=y --pin-desktop=n /pin-path="%LOCALAPPDATA%\Yandex\YaPin\Yandex.lnk" --is-pinning
  • '%TEMP%\{3102fbde-ef35-4478-85f8-003073b2e291}.exe' --job-name=yBrowserDownloader-{AD66FC9A-EEE5-402E-98A4-9213535C8513} --send-statistics --local-path=%TEMP%\{3102FBDE-EF35-4478-85F8-003073B2E291}.exe --YABROWSER --cumtom-welcome-page=https://b...
  • '%TEMP%\d6216b89-6d8a-4781-a03e-3ccd584a4254\lite_installer.exe' --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_c...
  • '%TEMP%\29ea40e5-7380-42c3-84fa-71413af971ad\seederexe.exe' "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=...
  • '%TEMP%\f0f3235e-daf7-4b92-a760-f05c60b07863\sender.exe' --send "/status.xml?clid=9183422-863&uuid=31c1f269-58d6-4c50-9e57-6e8ce6d46cd8&vnt=Windows 10x64&file-no=8%0A10%0A12%0A15%0A16%0A17%0A18%0A20%0A21%0A22%0A25%0A36%0A40%0A42%0A43%0A45%0A57%0A61%0...
  • '%TEMP%\is-p4afl.tmp\downloader.exe' --stat dwnldr/p=9715/cnt=1/dt=8/ct=1/rt=0 --dh 2212 --st 1763163753
  • '%TEMP%\{c385dcf8-89a2-47e2-89a3-0a9314d36110}.exe' --job-name=yBrowserDownloader-{D1D4DE14-E0D3-4BBA-95BF-681B6B07A2A9} --send-statistics --local-path=%TEMP%\{C385DCF8-89A2-47E2-89A3-0A9314D36110}.exe --YABROWSER --cumtom-welcome-page=https://b...
  • '%TEMP%\f23f497b-0b79-4b7b-8c9d-6ab12472b271\lite_installer.exe' --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_c...
  • '%TEMP%\2385da40-1299-488b-bc8f-adf818e9aa5c\seederexe.exe' "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=...
  • '%TEMP%\{ee754ef2-b8f1-4c7e-ae92-f26e06092382}.exe' --job-name=yBrowserDownloader-{F588990F-6788-47AC-B6A4-0D8AC6EB7056} --send-statistics --local-path=%TEMP%\{EE754EF2-B8F1-4C7E-AE92-F26E06092382}.exe --YABROWSER --cumtom-welcome-page=https://b...
  • '%TEMP%\13a10af0-2140-44df-8fe9-97e7a48222a5\sender.exe' --send "/status.xml?clid=2343971-232&uuid=%7B31c1f269-58d6-4c50-9e57-6e8ce6d46cd8%7D&vnt=Windows 10x64&file-no=8%0A15%0A16%0A18%0A25%0A42%0A43%0A45%0A49%0A50%0A57%0A61%0A103%0A111%0A115%0A123%0...
  • '%TEMP%\a6809f8d-8d4a-4196-add3-abc06dfecf7d\sender.exe' --send "/status.xml?clid=2343971-232&uuid=%7B31c1f269-58d6-4c50-9e57-6e8ce6d46cd8%7D&vnt=Windows 10x64&file-no=8%0A15%0A16%0A18%0A25%0A42%0A45%0A49%0A50%0A57%0A61%0A103%0A111%0A115%0A123%0A124%...
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq HighStone.exe" | <SYSTEM32>\find.exe "HighStone.exe"
  • '%WINDIR%\syswow64\tasklist.exe' /FI "USERNAME eq user" /FI "IMAGENAME eq HighStone.exe"
  • '%WINDIR%\syswow64\find.exe' "HighStone.exe"
  • '%WINDIR%\syswow64\schtasks.exe' /Create /TN slap-waist /SC ONLOGON /TR "%ALLUSERSPROFILE%\rustle-pool\TGMacro.exe /trayMode" /F /DELAY 0001:00 /RL HIGHEST
  • '%WINDIR%\syswow64\schtasks.exe' /F /CREATE /TN "recipecleaner-S-1-5-21-4226853953-3309226944-3078887307-1000" /XML "%TEMP%\fa187915da.xml"
  • '%TEMP%\5ixlrqltnh\wflkzvpyta\launcher-highstone-0.1.1.exe' /pid:100 /S' (with hidden window)
  • '%TEMP%\5ixlrqltnh\wfyrvm81is\downloader.exe' --partner 635492 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y YABM=n VID=863"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq HighStone.exe" | <SYSTEM32>\find.exe "HighStone.exe"' (with hidden window)
  • '%TEMP%\5ixlrqltnh\wfjn5livqs\setup-gdgb.exe' /verysilent' (with hidden window)
  • '%TEMP%\5ixlrqltnh\wfx8amdmzz\setup-win32-bundle.exe' /quiet /s PartnerId=4235 Portable=1 AddToExclusion=1' (with hidden window)
  • '%TEMP%\is-p4afl.tmp\7za.exe' e "%TEMP%\is-P4AFL.tmp\tgmult.zip" -pvkd -y -o%ALLUSERSPROFILE%\rustle-pool' (with hidden window)
  • '%TEMP%\is-p4afl.tmp\downloader.exe' --partner 9715 --distr /quiet /msicl "YAHOMEPAGE=y YAQSEARCH=y YABROWSER=y VID=232"' (with hidden window)
  • '%TEMP%\pin\explorer.exe' --silent --pin-taskbar=y --pin-desktop=n /pin-path="%LOCALAPPDATA%\Yandex\YaPin\Yandex.lnk" --is-pinning' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
