Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Lijig' = '%APPDATA%\Roaming\Saucp\lijig.exe'
- '%APPDATA%\Roaming\Saucp\lijig.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\taskhost.exe"
- <SYSTEM32>\cmd.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\amljxzlfisghjnqcxtyx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xsovkcyhirofihaaifmllbqs_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\prsylbyrodtomndyuowohatucqs_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aqrwxgxxwbknsgukeauknbqnb_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\prqsypaufizlwcmnbqyhfmztaeyl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\baivhextwkfpfmjhbavnvy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hxswcvgqxcqukrtklrnbeqxvsv_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\guscucfajntsjnipzivamhakn_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zdvocapfprdqjndelrhxaejfjrqjv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hqhanzroamdyuweydcqdtkbmwr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yhhuovgrswcobhaorfmpvggqsoyl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tgppbsosgpqcxozkrmzpvmr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vsxgerkxwvgukzxzhqghvgaqxpcq_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\thkzkndyeapzxhqwsaijngubi_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mbrllbsbesgvgbatyluhojyd_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nbeuayoznzqdrkqwtwlguhibm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhemvcucitnbcqrwvovwtcyhvg_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xtgqljzpqghfylvdypndiyge_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lvskrhyydaebwssouwxibizormz_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ylhhxtwxylordrgrkytfa_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\znrdxsemqkhworzofdyduk_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hamjdlbjzusceamlifcaqsbeqkyhdq_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eupzrgkvqfuzdqcmmbztgmaurgrc_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivtoduxkhxizwshlnzhmzhtpr_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ufehfmijcydtkxsypkrsconmrgyor_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mobaipdebdijnamzxhmbrsovtocq_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\geduphqttsgmxceygumftnbbitbm_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xoforpbmfevouocqfypsxwnjgm_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\daxsgmzxjauaelguzpmvrghif_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jfnrojrpemeyzdxcatprfmhvk_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nrdeyhskushmydwozmjqksrsob_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mnljerpxreqjfhumrgfytggy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\orsizknvsktcushqrcbidmtcmvyx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\faojxaykbeaonvifhqfuhmpnj_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dykrhozvcvtibptwvkvsngy_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bmfqnfylqoheaegqcaqvohmts_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hydbqcpmfpfnzxxceamvwau_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dukrrshetkwcinxgtkft_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ucyscdtsxpzugpbcupvvwnzbaciea_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sgeuhdattgvhatxfarsaqlbgm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrjfxkxhbuvoytfyttyhmrpv_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lfunfqgoknucfmtunrdaybydfa_info[1]
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\08704611-00000001.eml
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\08704611-00000001.eml:OECustomProperty
- <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Drafts\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Junk E-mail\winmail.fol
- %TEMP%\ppcrlui_588_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wgqglblydrplzgojxydtc_ru[1]
- %TEMP%\TarCDC.tmp
- %TEMP%\KRI23C6.bat
- %TEMP%\CabCDB.tmp
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\edb00002.log
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
- %APPDATA%\Roaming\Saucp\lijig.exe
- <LS_APPDATA>\Microsoft\Windows Mail\tmp.edb
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Sent Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Deleted Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Outbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.pat
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\caibhqfmbehppfhhuhtwbqbi_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhizwyluccqaqjztjznzfacegee_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkzpkjfylzcubmytgqdicarofeugdn_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vwztwohatclhdxtseaqoytvcded_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\todwkzylxhaqcbigucqkxcpmf_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tamauvcjrojpbcxgxyxrsvkiz_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gyhrkfqlbqcidikzxgqhqcqs_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zaqibxdaduozzeqyxpltvgp_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dfmtlnuhtsukjzirwgvozdjvfexc_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fynzxphdmlqkrhuwcqzp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pramlvwdakbculvyrwswzhtkaqfy_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\czdmvnjeyuoxvsyxruztlvpjd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivjzvcmxaizxztjzfqlnqnjrg_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jvnvwkfumllxpozortayeqvkz_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vgdbtsytautrgvokvovlge_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jvovhmlpjnfqsdpvfexoivukhazt_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pfsswqwzbqgehlvxgzlvgifxg_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrgaxsugdtvsccitdacycyiv_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hqgqdcaroeuzhlrroxwakr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ifvsgiyhqgaypgmhapjnteiftw_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dazxhqotkdigeydroqwdbmuwto_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\baivhextwkfpfmjhbavnvy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hxswcvgqxcqukrtklrnbeqxvsv_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hqhanzroamdyuweydcqdtkbmwr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\guscucfajntsjnipzivamhakn_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bmfqnfylqoheaegqcaqvohmts_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\faojxaykbeaonvifhqfuhmpnj_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\znrdxsemqkhworzofdyduk_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dykrhozvcvtibptwvkvsngy_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aqrwxgxxwbknsgukeauknbqnb_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\prqsypaufizlwcmnbqyhfmztaeyl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nbeuayoznzqdrkqwtwlguhibm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhemvcucitnbcqrwvovwtcyhvg_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xsovkcyhirofihaaifmllbqs_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zdvocapfprdqjndelrhxaejfjrqjv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\prsylbyrodtomndyuowohatucqs_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\amljxzlfisghjnqcxtyx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mnljerpxreqjfhumrgfytggy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eupzrgkvqfuzdqcmmbztgmaurgrc_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jfnrojrpemeyzdxcatprfmhvk_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivtoduxkhxizwshlnzhmzhtpr_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hamjdlbjzusceamlifcaqsbeqkyhdq_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\geduphqttsgmxceygumftnbbitbm_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xoforpbmfevouocqfypsxwnjgm_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nrdeyhskushmydwozmjqksrsob_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\daxsgmzxjauaelguzpmvrghif_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrjfxkxhbuvoytfyttyhmrpv_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ucyscdtsxpzugpbcupvvwnzbaciea_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\orsizknvsktcushqrcbidmtcmvyx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sgeuhdattgvhatxfarsaqlbgm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ufehfmijcydtkxsypkrsconmrgyor_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mobaipdebdijnamzxhmbrsovtocq_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hydbqcpmfpfnzxxceamvwau_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dukrrshetkwcinxgtkft_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xtgqljzpqghfylvdypndiyge_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ifvsgiyhqgaypgmhapjnteiftw_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dazxhqotkdigeydroqwdbmuwto_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\czdmvnjeyuoxvsyxruztlvpjd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivjzvcmxaizxztjzfqlnqnjrg_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrgaxsugdtvsccitdacycyiv_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\todwkzylxhaqcbigucqkxcpmf_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hqgqdcaroeuzhlrroxwakr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pfsswqwzbqgehlvxgzlvgifxg_info[1]
- %TEMP%\ppcrlui_588_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wgqglblydrplzgojxydtc_ru[1]
- %TEMP%\CabCDB.tmp
- %TEMP%\TarCDC.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jvovhmlpjnfqsdpvfexoivukhazt_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jvnvwkfumllxpozortayeqvkz_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\caibhqfmbehppfhhuhtwbqbi_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vgdbtsytautrgvokvovlge_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tamauvcjrojpbcxgxyxrsvkiz_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mbrllbsbesgvgbatyluhojyd_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vsxgerkxwvgukzxzhqghvgaqxpcq_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lfunfqgoknucfmtunrdaybydfa_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\thkzkndyeapzxhqwsaijngubi_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lvskrhyydaebwssouwxibizormz_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ylhhxtwxylordrgrkytfa_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yhhuovgrswcobhaorfmpvggqsoyl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tgppbsosgpqcxozkrmzpvmr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkzpkjfylzcubmytgqdicarofeugdn_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fynzxphdmlqkrhuwcqzp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vwztwohatclhdxtseaqoytvcded_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhizwyluccqaqjztjznzfacegee_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gyhrkfqlbqcidikzxgqhqcqs_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zaqibxdaduozzeqyxpltvgp_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pramlvwdakbculvyrwswzhtkaqfy_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dfmtlnuhtsukjzirwgvozdjvfexc_com[1]
- from <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log to <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- 'ba######wkfpfmjhbavnvy.com':80
- 'hx#######cqukrtklrnbeqxvsv.ru':80
- 'hq#######mdyuweydcqdtkbmwr.org':80
- 'gu#######ntsjnipzivamhakn.net':80
- 'bm#######oheaegqcaqvohmts.org':80
- 'fa#######eaonvifhqfuhmpnj.info':80
- 'zn######qkhworzofdyduk.biz':80
- 'dy######cvtibptwvkvsngy.net':80
- 'aq#######bknsgukeauknbqnb.biz':80
- 'pr########zlwcmnbqyhfmztaeyl.info':80
- 'nb#######zqdrkqwtwlguhibm.com':80
- 'zh#######tnbcqrwvovwtcyhvg.net':80
- 'xs#######rofihaaifmllbqs.com':80
- 'zd########dqjndelrhxaejfjrqjv.biz':80
- 'pr#######dtomndyuowohatucqs.com':80
- 'am#####fisghjnqcxtyx.ru':80
- 'mn#######eqjfhumrgfytggy.com':80
- 'eu#######fuzdqcmmbztgmaurgrc.ru':80
- 'jf#######meyzdxcatprfmhvk.com':80
- 'iv#######xizwshlnzhmzhtpr.net':80
- 'ha########sceamlifcaqsbeqkyhdq.org':80
- 'ge########gmxceygumftnbbitbm.info':80
- 'xo#######evouocqfypsxwnjgm.biz':80
- 'nr#######shmydwozmjqksrsob.net':80
- 'da#######auaelguzpmvrghif.org':80
- 'lr#######uvoytfyttyhmrpv.info':80
- 'uc########zugpbcupvvwnzbaciea.org':80
- 'or#######ktcushqrcbidmtcmvyx.ru':80
- 'sg#######gvhatxfarsaqlbgm.com':80
- 'uf########dtkxsypkrsconmrgyor.ru':80
- 'mo########ijnamzxhmbrsovtocq.com':80
- 'hy######fpfnzxxceamvwau.net':80
- 'du######tkwcinxgtkft.biz':80
- 'da#######digeydroqwdbmuwto.biz':80
- 'hq######oeuzhlrroxwakr.org':80
- 'iv#######izxztjzfqlnqnjrg.ru':80
- 'if#######gaypgmhapjnteiftw.com':80
- 'to#######haqcbigucqkxcpmf.ru':80
- 'ta#######ojpbcxgxyxrsvkiz.biz':80
- 'pf#######qgehlvxgzlvgifxg.info':80
- 'lr#######tvsccitdacycyiv.com':80
- 'wg######drplzgojxydtc.ru':80
- 'ca#######ehppfhhuhtwbqbi.com':80
- '74.##5.232.51':80
- 'www.bing.com':80
- 'jv#######llxpozortayeqvkz.net':80
- 'cz#######uoxvsyxruztlvpjd.com':80
- 'vg######autrgvokvovlge.info':80
- 'jv########fqsdpvfexoivukhazt.biz':80
- 'vw########lhdxtseaqoytvcded.info':80
- 'vs########gukzxzhqghvgaqxpcq.com':80
- 'yh########cobhaorfmpvggqsoyl.info':80
- 'th#######apzxhqwsaijngubi.biz':80
- 'mb######esgvgbatyluhojyd.ru':80
- 'yl######ylordrgrkytfa.com':80
- 'xt######qghfylvdypndiyge.ru':80
- 'tg######gpqcxozkrmzpvmr.org':80
- 'lv#######aebwssouwxibizormz.biz':80
- 'fy######mlqkrhuwcqzp.com':80
- 'pr#######kbculvyrwswzhtkaqfy.ru':80
- 'zh#######cqaqjztjznzfacegee.org':80
- 'rk########cubmytgqdicarofeugdn.net':80
- 'za######duozzeqyxpltvgp.org':80
- 'lf#######nucfmtunrdaybydfa.info':80
- 'df########ukjzirwgvozdjvfexc.com':80
- 'gy#######qcidikzxgqhqcqs.net':80
- ba######wkfpfmjhbavnvy.com/
- hx#######cqukrtklrnbeqxvsv.ru/
- hq#######mdyuweydcqdtkbmwr.org/
- gu#######ntsjnipzivamhakn.net/
- bm#######oheaegqcaqvohmts.org/
- fa#######eaonvifhqfuhmpnj.info/
- zn######qkhworzofdyduk.biz/
- dy######cvtibptwvkvsngy.net/
- aq#######bknsgukeauknbqnb.biz/
- pr########zlwcmnbqyhfmztaeyl.info/
- nb#######zqdrkqwtwlguhibm.com/
- zh#######tnbcqrwvovwtcyhvg.net/
- xs#######rofihaaifmllbqs.com/
- zd########dqjndelrhxaejfjrqjv.biz/
- pr#######dtomndyuowohatucqs.com/
- am#####fisghjnqcxtyx.ru/
- mn#######eqjfhumrgfytggy.com/
- eu#######fuzdqcmmbztgmaurgrc.ru/
- jf#######meyzdxcatprfmhvk.com/
- iv#######xizwshlnzhmzhtpr.net/
- ha########sceamlifcaqsbeqkyhdq.org/
- ge########gmxceygumftnbbitbm.info/
- xo#######evouocqfypsxwnjgm.biz/
- nr#######shmydwozmjqksrsob.net/
- da#######auaelguzpmvrghif.org/
- lr#######uvoytfyttyhmrpv.info/
- uc########zugpbcupvvwnzbaciea.org/
- or#######ktcushqrcbidmtcmvyx.ru/
- sg#######gvhatxfarsaqlbgm.com/
- uf########dtkxsypkrsconmrgyor.ru/
- mo########ijnamzxhmbrsovtocq.com/
- hy######fpfnzxxceamvwau.net/
- du######tkwcinxgtkft.biz/
- da#######digeydroqwdbmuwto.biz/
- hq######oeuzhlrroxwakr.org/
- iv#######izxztjzfqlnqnjrg.ru/
- if#######gaypgmhapjnteiftw.com/
- to#######haqcbigucqkxcpmf.ru/
- ta#######ojpbcxgxyxrsvkiz.biz/
- pf#######qgehlvxgzlvgifxg.info/
- lr#######tvsccitdacycyiv.com/
- wg######drplzgojxydtc.ru/
- ca#######ehppfhhuhtwbqbi.com/
- 74.##5.232.51/
- www.bing.com/
- jv#######llxpozortayeqvkz.net/
- cz#######uoxvsyxruztlvpjd.com/
- vg######autrgvokvovlge.info/
- jv########fqsdpvfexoivukhazt.biz/
- vw########lhdxtseaqoytvcded.info/
- vs########gukzxzhqghvgaqxpcq.com/
- yh########cobhaorfmpvggqsoyl.info/
- th#######apzxhqwsaijngubi.biz/
- mb######esgvgbatyluhojyd.ru/
- yl######ylordrgrkytfa.com/
- xt######qghfylvdypndiyge.ru/
- tg######gpqcxozkrmzpvmr.org/
- lv#######aebwssouwxibizormz.biz/
- fy######mlqkrhuwcqzp.com/
- pr#######kbculvyrwswzhtkaqfy.ru/
- zh#######cqaqjztjznzfacegee.org/
- rk########cubmytgqdicarofeugdn.net/
- za######duozzeqyxpltvgp.org/
- lf#######nucfmtunrdaybydfa.info/
- df########ukjzirwgvozdjvfexc.com/
- gy#######qcidikzxgqhqcqs.net/
- DNS ASK pr#######dtomndyuowohatucqs.com
- DNS ASK am#####fisghjnqcxtyx.ru
- DNS ASK pr########zlwcmnbqyhfmztaeyl.info
- DNS ASK zh#######tnbcqrwvovwtcyhvg.net
- DNS ASK aq#######bknsgukeauknbqnb.biz
- DNS ASK gu#######ntsjnipzivamhakn.net
- DNS ASK ba######wkfpfmjhbavnvy.com
- DNS ASK hq#######mdyuweydcqdtkbmwr.org
- DNS ASK xs#######rofihaaifmllbqs.com
- DNS ASK zd########dqjndelrhxaejfjrqjv.biz
- DNS ASK vs########gukzxzhqghvgaqxpcq.com
- DNS ASK yh########cobhaorfmpvggqsoyl.info
- DNS ASK mb######esgvgbatyluhojyd.ru
- DNS ASK xo#######evouocqfypsxwnjgm.biz
- DNS ASK th#######apzxhqwsaijngubi.biz
- DNS ASK xt######qghfylvdypndiyge.ru
- DNS ASK nb#######zqdrkqwtwlguhibm.com
- DNS ASK yl######ylordrgrkytfa.com
- DNS ASK tg######gpqcxozkrmzpvmr.org
- DNS ASK lv#######aebwssouwxibizormz.biz
- DNS ASK hx#######cqukrtklrnbeqxvsv.ru
- DNS ASK iv#######xizwshlnzhmzhtpr.net
- DNS ASK ha########sceamlifcaqsbeqkyhdq.org
- DNS ASK mo########ijnamzxhmbrsovtocq.com
- DNS ASK du######tkwcinxgtkft.biz
- DNS ASK uf########dtkxsypkrsconmrgyor.ru
- DNS ASK da#######auaelguzpmvrghif.org
- DNS ASK ge########gmxceygumftnbbitbm.info
- DNS ASK nr#######shmydwozmjqksrsob.net
- DNS ASK eu#######fuzdqcmmbztgmaurgrc.ru
- DNS ASK jf#######meyzdxcatprfmhvk.com
- DNS ASK fa#######eaonvifhqfuhmpnj.info
- DNS ASK mn#######eqjfhumrgfytggy.com
- DNS ASK bm#######oheaegqcaqvohmts.org
- DNS ASK zn######qkhworzofdyduk.biz
- DNS ASK dy######cvtibptwvkvsngy.net
- DNS ASK uc########zugpbcupvvwnzbaciea.org
- DNS ASK hy######fpfnzxxceamvwau.net
- DNS ASK lr#######uvoytfyttyhmrpv.info
- DNS ASK or#######ktcushqrcbidmtcmvyx.ru
- DNS ASK sg#######gvhatxfarsaqlbgm.com
- DNS ASK cz#######uoxvsyxruztlvpjd.com
- DNS ASK jv#######llxpozortayeqvkz.net
- DNS ASK jv########fqsdpvfexoivukhazt.biz
- DNS ASK da#######digeydroqwdbmuwto.biz
- DNS ASK if#######gaypgmhapjnteiftw.com
- DNS ASK iv#######izxztjzfqlnqnjrg.ru
- DNS ASK www.bing.com
- DNS ASK www.google.com
- DNS ASK lf#######nucfmtunrdaybydfa.info
- DNS ASK vg######autrgvokvovlge.info
- DNS ASK ca#######ehppfhhuhtwbqbi.com
- DNS ASK wg######drplzgojxydtc.ru
- DNS ASK hq######oeuzhlrroxwakr.org
- DNS ASK pr#######kbculvyrwswzhtkaqfy.ru
- DNS ASK fy######mlqkrhuwcqzp.com
- DNS ASK rk########cubmytgqdicarofeugdn.net
- DNS ASK za######duozzeqyxpltvgp.org
- DNS ASK gy#######qcidikzxgqhqcqs.net
- DNS ASK df########ukjzirwgvozdjvfexc.com
- DNS ASK to#######haqcbigucqkxcpmf.ru
- DNS ASK lr#######tvsccitdacycyiv.com
- DNS ASK pf#######qgehlvxgzlvgifxg.info
- DNS ASK zh#######cqaqjztjznzfacegee.org
- DNS ASK vw########lhdxtseaqoytvcded.info
- DNS ASK ta#######ojpbcxgxyxrsvkiz.biz
- '94.##0.224.115':8696
- '89.##9.15.186':9896
- '85.##8.28.135':4627
- '87.##2.114.99':10814
- '11#.#10.123.33':25532
- '17#.42.11.6':10124
- '70.##2.131.148':4092
- '12#.#38.67.140':4636
- '2.###.133.66':6474
- '10#.#17.117.139':8593
- '76.##6.114.217':1684
- '20#.#09.58.176':24069
- '66.##.204.26':24382
- '79.##.154.174':7520
- '88.##6.167.36':10006
- '10#.#4.172.39':3059
- '84.#9.131.0':7605
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'OutlookExpressHiddenWindow' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'