Technical Information
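Registry value set for autorun (per-user Run key, so the listed executable starts at each logon of that user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Tyiduz' = '%APPDATA%\Roaming\Ocsay\tyiduz.exe'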
- '%APPDATA%\Roaming\Ocsay\tyiduz.exe'
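- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\taskhost.exe"
  (FirewallControlPanel.dll,ShowNotificationDialog is the Windows Firewall notification dialog; here it is raised for taskhost.exe.)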
- <SYSTEM32>\cmd.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wkqdmikjwwdydqjhsyfifenj_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bukvprvovcpvbyxgmeinzteux_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jffeivpbqclvwnzirgelnbmj_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gwdutcprbisolvfeuoqyddxwwc_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tlqkeynbaecybajrfiuvskmvu_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tmbghqqdxtceujvoblzhif_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\twambizivkbhzbirdevgmftgy_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\uofwscefutxlnjvgkjztsfyzt_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rgzxaizhtklguivugtdmpjovpb_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xmmfwkbqhnzlzdyluglrrwg_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\diplphampamupjqsocd_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vfayhgqdsozpytgyylltpj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\slnnbdrcbyeqlqcpphqlrwkifi_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xpvbuzkjhoxaqrkpxxgaeshe_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yheylzxlzztwlaiojlneyovl_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aunjcixjblfcqlndmttjnvnbd_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xlwgcukztonmvlvjrtdlnqto_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gmpjnzmvwkbqmjzdmnxfkvyttkmr_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xlzxivdshpzgmlbkbttcaqeymf_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrdyslrgayhwqklvlqwgp_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ugdwobhucyhuovozljijlmhukqk_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ortgxcahlfiupvgnjjfonh_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nrdqcdimnpskxozfugivsbedyh_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\todufisinuwtzibtcuopvdhy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pnrdcidqcukrwaypfayttcpinl_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vceavseqhxvusjzswpifyp_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pzgfaphugvcaepraqxtuc_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zvklkbjnlkbtifauxojmnfamf_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mlnnfizpnxolxwgovhelhyljz_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\thuucxolbumtfelqkhvgqotod_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ucfqnivifgqbmmvpbsktoprusddq_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rcpzlcekzrkjzpgihaduwkbixiz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pizbynzdzdeylizllxxcewcda_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\amdqxhavsdakvrijwoylwxmv_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\inlzojntxpnfacypkfizpbbe_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\babavwwhwsdxxqcpzfijmjy_com[1]
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Junk E-mail\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Deleted Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Drafts\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\680424E6-00000001.eml
- %TEMP%\CabFC8.tmp
- %TEMP%\TarFD9.tmp
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\680424E6-00000001.eml:OECustomProperty
- %TEMP%\ESQ35BB.bat
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log
- %APPDATA%\Roaming\Ocsay\tyiduz.exe
- <LS_APPDATA>\Microsoft\Windows Mail\tmp.edb
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\edb00002.log
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Outbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Sent Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.pat
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aitwgyxhxjnzxpnpbguxorgmeqsc_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sgyhmztxkmjlnbsxorinxdu_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cmdqdtogdllwofqpuctsmntcde_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tfastzlydwsqkphavgvmzucpfh_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sghgaxzhcuhidyyldskqsvpb_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\krciylfefaovkvhecidezhdemvizqofy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\haupbozdxopizhyknxrgcamn_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrxzlzxqwohvcjrlfykvnvljhus_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ushfuvgemuczjbwharwgyeywkong_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lbmnfqwhemxqkhbqrdmydlrin_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ljbfmobdpwequovohqhbahaozh_biz[1]
- %TEMP%\ppcrlui_456_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zpifjzorifugnjlyhehqtsgif_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nvtrkijtjnlfmnmrdjwnzxwob_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pnnxkblmbldaugrctsbqhvkxk_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bilfydmwskjxaqjvtsorvgpvkj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkpjgakvqgfaeqwshlfieivwsojz_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivdaknduzhugugubaxpmjbytwskxg_com[1]
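Second file listing (from this entry on, the paths repeat ones already listed above; the page does not state which file operation each listing records):
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\twambizivkbhzbirdevgmftgy_ru[1]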
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tmbghqqdxtceujvoblzhif_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rgzxaizhtklguivugtdmpjovpb_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\thuucxolbumtfelqkhvgqotod_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mlnnfizpnxolxwgovhelhyljz_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zvklkbjnlkbtifauxojmnfamf_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ucfqnivifgqbmmvpbsktoprusddq_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gwdutcprbisolvfeuoqyddxwwc_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jffeivpbqclvwnzirgelnbmj_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aunjcixjblfcqlndmttjnvnbd_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wkqdmikjwwdydqjhsyfifenj_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\uofwscefutxlnjvgkjztsfyzt_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tlqkeynbaecybajrfiuvskmvu_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bukvprvovcpvbyxgmeinzteux_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nrdqcdimnpskxozfugivsbedyh_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrdyslrgayhwqklvlqwgp_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xlzxivdshpzgmlbkbttcaqeymf_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vceavseqhxvusjzswpifyp_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pnrdcidqcukrwaypfayttcpinl_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\todufisinuwtzibtcuopvdhy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pzgfaphugvcaepraqxtuc_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\babavwwhwsdxxqcpzfijmjy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\inlzojntxpnfacypkfizpbbe_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rcpzlcekzrkjzpgihaduwkbixiz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pizbynzdzdeylizllxxcewcda_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ortgxcahlfiupvgnjjfonh_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ugdwobhucyhuovozljijlmhukqk_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\amdqxhavsdakvrijwoylwxmv_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pnnxkblmbldaugrctsbqhvkxk_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivdaknduzhugugubaxpmjbytwskxg_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkpjgakvqgfaeqwshlfieivwsojz_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bilfydmwskjxaqjvtsorvgpvkj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aitwgyxhxjnzxpnpbguxorgmeqsc_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tfastzlydwsqkphavgvmzucpfh_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cmdqdtogdllwofqpuctsmntcde_net[1]
- %TEMP%\ppcrlui_456_2
- %TEMP%\TarFD9.tmp
- %TEMP%\CabFC8.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zpifjzorifugnjlyhehqtsgif_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nvtrkijtjnlfmnmrdjwnzxwob_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ljbfmobdpwequovohqhbahaozh_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lbmnfqwhemxqkhbqrdmydlrin_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\diplphampamupjqsocd_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xmmfwkbqhnzlzdyluglrrwg_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\slnnbdrcbyeqlqcpphqlrwkifi_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xpvbuzkjhoxaqrkpxxgaeshe_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yheylzxlzztwlaiojlneyovl_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gmpjnzmvwkbqmjzdmnxfkvyttkmr_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xlwgcukztonmvlvjrtdlnqto_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lrxzlzxqwohvcjrlfykvnvljhus_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sghgaxzhcuhidyyldskqsvpb_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sgyhmztxkmjlnbsxorinxdu_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ushfuvgemuczjbwharwgyeywkong_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vfayhgqdsozpytgyylltpj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\haupbozdxopizhyknxrgcamn_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\krciylfefaovkvhecidezhdemvizqofy_com[1]
- File moved: from <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log to <LS_APPDATA>\Microsoft\Windows Mail\edb.log
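Hosts contacted on port 80, written as 'host':port with part of each name masked by '#'. Each masked name lines up with a Temporary Internet Files entry listed above, where '_' stands in for the dot before the TLD (this entry corresponds to thuucxolbumtfelqkhvgqotod_com[1]). The names look pseudo-random and are spread over six TLDs, which is consistent with algorithmically generated domains; the page itself does not say so.
- 'th#######umtfelqkhvgqotod.com':80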
- 'tw#######kbhzbirdevgmftgy.ru':80
- 'tm######xtceujvoblzhif.com':80
- 'ml#######xolxwgovhelhyljz.info':80
- 'zv#######kbtifauxojmnfamf.biz':80
- 'uc########qbmmvpbsktoprusddq.net':80
- 'rg#######klguivugtdmpjovpb.biz':80
- 'wk######wwdydqjhsyfifenj.ru':80
- 'gw#######isolvfeuoqyddxwwc.biz':80
- 'jf#######clvwnzirgelnbmj.info':80
- 'uo#######txlnjvgkjztsfyzt.org':80
- 'tl#######ecybajrfiuvskmvu.info':80
- 'bu#######cpvbyxgmeinzteux.com':80
- 'rc#######rkjzpgihaduwkbixiz.com':80
- 'vc######hxvusjzswpifyp.org':80
- 'nr#######pskxozfugivsbedyh.net':80
- 'lr######ayhwqklvlqwgp.biz':80
- 'pn#######ukrwaypfayttcpinl.ru':80
- 'to#######uwtzibtcuopvdhy.com':80
- 'pz######gvcaepraqxtuc.info':80
- 'xl#######pzgmlbkbttcaqeymf.ru':80
- 'pi#######deylizllxxcewcda.biz':80
- 'ba######wsdxxqcpzfijmjy.com':80
- 'in######xpnfacypkfizpbbe.ru':80
- 'or######lfiupvgnjjfonh.com':80
- 'ug#######yhuovozljijlmhukqk.net':80
- 'am#######dakvrijwoylwxmv.org':80
- 'au#######lfcqlndmttjnvnbd.org':80
- 'bi#######kjxaqjvtsorvgpvkj.biz':80
- 'pn#######ldaugrctsbqhvkxk.info':80
- 'iv########ugugubaxpmjbytwskxg.com':80
- 'ai#######jnzxpnpbguxorgmeqsc.ru':80
- 'tf#######wsqkphavgvmzucpfh.com':80
- 'cm#######llwofqpuctsmntcde.net':80
- 'rk#######gfaeqwshlfieivwsojz.ru':80
- 'zp#######fugnjlyhehqtsgif.net':80
- 'www.bing.com':80
- '74.##5.232.51':80
- 'nv#######nlfmnmrdjwnzxwob.com':80
- 'lj#######wequovohqhbahaozh.biz':80
- 'lb#######mxqkhbqrdmydlrin.org':80
- 'sg######kmjlnbsxorinxdu.com':80
- 'xp#######oxaqrkpxxgaeshe.com':80
- 'di#####mpamupjqsocd.net':80
- 'xm######hnzlzdyluglrrwg.org':80
- 'yh#######ztwlaiojlneyovl.net':80
- 'gm########bqmjzdmnxfkvyttkmr.com':80
- 'xl######tonmvlvjrtdlnqto.ru':80
- 'sl#######yeqlqcpphqlrwkifi.info':80
- 'us########czjbwharwgyeywkong.info':80
- 'lr#######ohvcjrlfykvnvljhus.org':80
- 'sg#######uhidyyldskqsvpb.biz':80
- 'vf######sozpytgyylltpj.biz':80
- 'ha######xopizhyknxrgcamn.ru':80
- 'kr#########vkvhecidezhdemvizqofy.com':80
- th#######umtfelqkhvgqotod.com/
- tw#######kbhzbirdevgmftgy.ru/
- tm######xtceujvoblzhif.com/
- ml#######xolxwgovhelhyljz.info/
- zv#######kbtifauxojmnfamf.biz/
- uc########qbmmvpbsktoprusddq.net/
- rg#######klguivugtdmpjovpb.biz/
- wk######wwdydqjhsyfifenj.ru/
- gw#######isolvfeuoqyddxwwc.biz/
- jf#######clvwnzirgelnbmj.info/
- uo#######txlnjvgkjztsfyzt.org/
- tl#######ecybajrfiuvskmvu.info/
- bu#######cpvbyxgmeinzteux.com/
- rc#######rkjzpgihaduwkbixiz.com/
- vc######hxvusjzswpifyp.org/
- nr#######pskxozfugivsbedyh.net/
- lr######ayhwqklvlqwgp.biz/
- pn#######ukrwaypfayttcpinl.ru/
- to#######uwtzibtcuopvdhy.com/
- pz######gvcaepraqxtuc.info/
- xl#######pzgmlbkbttcaqeymf.ru/
- pi#######deylizllxxcewcda.biz/
- ba######wsdxxqcpzfijmjy.com/
- in######xpnfacypkfizpbbe.ru/
- or######lfiupvgnjjfonh.com/
- ug#######yhuovozljijlmhukqk.net/
- am#######dakvrijwoylwxmv.org/
- au#######lfcqlndmttjnvnbd.org/
- bi#######kjxaqjvtsorvgpvkj.biz/
- pn#######ldaugrctsbqhvkxk.info/
- iv########ugugubaxpmjbytwskxg.com/
- ai#######jnzxpnpbguxorgmeqsc.ru/
- tf#######wsqkphavgvmzucpfh.com/
- cm#######llwofqpuctsmntcde.net/
- rk#######gfaeqwshlfieivwsojz.ru/
- zp#######fugnjlyhehqtsgif.net/
- www.bing.com/
- 74.##5.232.51/
- nv#######nlfmnmrdjwnzxwob.com/
- lj#######wequovohqhbahaozh.biz/
- lb#######mxqkhbqrdmydlrin.org/
- sg######kmjlnbsxorinxdu.com/
- xp#######oxaqrkpxxgaeshe.com/
- di#####mpamupjqsocd.net/
- xm######hnzlzdyluglrrwg.org/
- yh#######ztwlaiojlneyovl.net/
- gm########bqmjzdmnxfkvyttkmr.com/
- xl######tonmvlvjrtdlnqto.ru/
- sl#######yeqlqcpphqlrwkifi.info/
- us########czjbwharwgyeywkong.info/
- lr#######ohvcjrlfykvnvljhus.org/
- sg#######uhidyyldskqsvpb.biz/
- vf######sozpytgyylltpj.biz/
- ha######xopizhyknxrgcamn.ru/
- kr#########vkvhecidezhdemvizqofy.com/
DNS queries recorded ('DNS ASK <name>' denotes a lookup of <name>):
- DNS ASK jf#######clvwnzirgelnbmj.info
- DNS ASK gw#######isolvfeuoqyddxwwc.biz
- DNS ASK yh#######ztwlaiojlneyovl.net
- DNS ASK au#######lfcqlndmttjnvnbd.org
- DNS ASK wk######wwdydqjhsyfifenj.ru
- DNS ASK uo#######txlnjvgkjztsfyzt.org
- DNS ASK rg#######klguivugtdmpjovpb.biz
- DNS ASK bu#######cpvbyxgmeinzteux.com
- DNS ASK tl#######ecybajrfiuvskmvu.info
- DNS ASK vf######sozpytgyylltpj.biz
- DNS ASK sl#######yeqlqcpphqlrwkifi.info
- DNS ASK pn#######ukrwaypfayttcpinl.ru
- DNS ASK ha######xopizhyknxrgcamn.ru
- DNS ASK xm######hnzlzdyluglrrwg.org
- DNS ASK xl######tonmvlvjrtdlnqto.ru
- DNS ASK gm########bqmjzdmnxfkvyttkmr.com
- DNS ASK di#####mpamupjqsocd.net
- DNS ASK xp#######oxaqrkpxxgaeshe.com
- DNS ASK tm######xtceujvoblzhif.com
- DNS ASK or######lfiupvgnjjfonh.com
- DNS ASK xl#######pzgmlbkbttcaqeymf.ru
- DNS ASK am#######dakvrijwoylwxmv.org
- DNS ASK ug#######yhuovozljijlmhukqk.net
- DNS ASK lr######ayhwqklvlqwgp.biz
- DNS ASK pz######gvcaepraqxtuc.info
- DNS ASK to#######uwtzibtcuopvdhy.com
- DNS ASK nr#######pskxozfugivsbedyh.net
- DNS ASK vc######hxvusjzswpifyp.org
- DNS ASK uc########qbmmvpbsktoprusddq.net
- DNS ASK zv#######kbtifauxojmnfamf.biz
- DNS ASK tw#######kbhzbirdevgmftgy.ru
- DNS ASK th#######umtfelqkhvgqotod.com
- DNS ASK ml#######xolxwgovhelhyljz.info
- DNS ASK ba######wsdxxqcpzfijmjy.com
- DNS ASK pi#######deylizllxxcewcda.biz
- DNS ASK rc#######rkjzpgihaduwkbixiz.com
- DNS ASK in######xpnfacypkfizpbbe.ru
- DNS ASK nv#######nlfmnmrdjwnzxwob.com
- DNS ASK lj#######wequovohqhbahaozh.biz
- DNS ASK iv########ugugubaxpmjbytwskxg.com
- DNS ASK rk#######gfaeqwshlfieivwsojz.ru
- DNS ASK lb#######mxqkhbqrdmydlrin.org
- DNS ASK www.google.com
- DNS ASK kr#########vkvhecidezhdemvizqofy.com
- DNS ASK zp#######fugnjlyhehqtsgif.net
- DNS ASK www.bing.com
- DNS ASK sg#######uhidyyldskqsvpb.biz
- DNS ASK sg######kmjlnbsxorinxdu.com
- DNS ASK us########czjbwharwgyeywkong.info
- DNS ASK lr#######ohvcjrlfykvnvljhus.org
- DNS ASK ai#######jnzxpnpbguxorgmeqsc.ru
- DNS ASK bi#######kjxaqjvtsorvgpvkj.biz
- DNS ASK pn#######ldaugrctsbqhvkxk.info
- DNS ASK tf#######wsqkphavgvmzucpfh.com
- DNS ASK cm#######llwofqpuctsmntcde.net
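Further endpoints, written as 'IP':port with part of each address masked by '#'; the ports are non-standard and the page does not state the protocol:
- '19#.#10.183.125':64673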
- '83.##8.15.193':16115
- '68.#4.5.139':9537
- '22#.#41.89.237':2958
- '58.##7.94.220':7747
- '10#.#4.123.69':7866
- '10#.#17.117.139':8593
- '19#.#21.71.208':25083
- '10#.#2.125.62':2185
- '24.##4.43.35':7103
- '19#.#8.55.56':8168
- '17#.#38.233.29':9710
- '80.##9.249.238':2462
- '99.##6.98.160':9544
- '78.##4.87.163':5570
- '79.#.83.47':1351
- '99.##.143.43':4717
- '13#.#32.211.192':7774
- '19#.#6.95.118':8560
- '99.##5.19.113':3354
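Window class names recorded (the page does not state whether these windows were searched for or created):
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'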
- ClassName: 'OutlookExpressHiddenWindow' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'