Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Oqov' = '%TEMP%\Poqo\oqov.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\488f58c4a2f02e62] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\services\488f58c4a2f02e62] 'ImagePath' = '<DRIVERS>\488f58c4a2f02e62.sys'
- [<HKLM>\SYSTEM\ControlSet001\services\8fdfd] 'Start' = '00000001'
- '%TEMP%\Poqo\oqov.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\taskhost.exe"
- <SYSTEM32>\cmd.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\oqopliftkdiozdgybenbyptrgt_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzdeuizdmhkjjngyvkpvwpjfqbuuw_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\emkoftogylnypjyxtwheucikvib_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hindukjijjndetmntireikjxkhgm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ljfhjzobyqgiftqgpnpmyxmvrg_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\figaivypnbwpyhdqsdusgamvrc_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\alzbeobqkuofuswcilncedatssgk_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\njytyxtugtsygmpvjzqjvtga_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cvouyxozkvhurhyqghlfeiayp_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vcdaqgjpdytpuohoncmzdkfeytk_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pkfsotcxqgibdgmeqdeaxkzhxs_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivqghmbibnzbutcaqgedarbu_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lvinjxcmzpgpwgxsvcwotwzj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pizqeqrsnvrgwdhaqwmrrgcdmp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ztnbaqkfuucnrxxkfl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dercqsinvkhqvsdiiscdeivcqgevc_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\scfamemxdusgatoinzydorz_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkorwonrprxwbekvnfcakrpvo_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dxcrozlxwdylbuxxozxpaq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jbdmwcknpovrmnukvhqhknd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hazphytfmorlbkzcmvsojkfljtrwge_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tkwhkjkvkjamdyhgmtrg_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ixcduhqtpttwwgnrjruscedpfgq_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkxylgyfqftwaqpjtglvseyl_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dytgexcvozxirvwaqvgingyvcaicy_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pbgqitchirgxgauorbmkfpvkcu_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\kbijfuonjzrzppvgamfkvbqdojx_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vofabqcmfmrcpydtsemtcnrp_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dmudujrmjeigudehbebupeilbdnj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vsauequkxcscpzqkivfyepgy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\kvbmrkzlgicyywkibmblrxy_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hpnofwcgaugpftjblvhgijxd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\buuheitomjduwouofieyxdugm_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lmbvoiqkgapzhdciknvwjnailnr_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zirqwjrijkrytvklzlwinqwxvwt_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mrkpdmslbsfuibprwoqgtktwt_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hmlzvbopfkrgaztrsdexgjbgageon_ru[1]
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Sent Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Deleted Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Outbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Drafts\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\48701BB6-00000001.eml:OECustomProperty
- %TEMP%\JLU2500.bat
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Junk E-mail\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\48701BB6-00000001.eml
- <DRIVERS>\488f58c4a2f02e62.sys
- <LS_APPDATA>\Microsoft\Windows Mail\tmp.edb
- %TEMP%\Poqo\oqov.exe
- <DRIVERS>\8fdfd.sys
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.pat
- <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\edb00002.log
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\euobgmgalfaewcdtgaipknulzkj_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ijhemrmbhamyhxlwcyxinwtopn_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hmrdqdywoxcipmbdehongyci_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\obrsmbcuydlcapzzrgozhup_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ukbexklrcyhbzofmzxxsnrt_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aycmmwgoxibxkbcyaijbemymb_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\biceuqirpvqpzthvoljjbicagm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pswaeobtjvlfpzhlrqgqotsxkxg_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tinpojusldwfmobihyprq_biz[1]
- %TEMP%\ppcrlui_4092_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wctskdbyyxtstsxrsklvprcmtg_org[1]
- %TEMP%\Cab64E9.tmp
- %TEMP%\Tar64FA.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\twhuypcpnhfqbylnprwgulbhwo_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ytdujrawcrwhrwinmvhdkle_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jztwnjxcehyrtgskhebegazlpr_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qseypfqkjhxmfaulqkncidadat_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aqmnjtcpworktprvgxwwkfmnvx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\alzbeobqkuofuswcilncedatssgk_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\figaivypnbwpyhdqsdusgamvrc_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cvouyxozkvhurhyqghlfeiayp_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vsauequkxcscpzqkivfyepgy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dmudujrmjeigudehbebupeilbdnj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vofabqcmfmrcpydtsemtcnrp_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\kvbmrkzlgicyywkibmblrxy_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hindukjijjndetmntireikjxkhgm_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\emkoftogylnypjyxtwheucikvib_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dercqsinvkhqvsdiiscdeivcqgevc_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\oqopliftkdiozdgybenbyptrgt_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\njytyxtugtsygmpvjzqjvtga_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ljfhjzobyqgiftqgpnpmyxmvrg_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzdeuizdmhkjjngyvkpvwpjfqbuuw_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ixcduhqtpttwwgnrjruscedpfgq_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jbdmwcknpovrmnukvhqhknd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dxcrozlxwdylbuxxozxpaq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pbgqitchirgxgauorbmkfpvkcu_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dytgexcvozxirvwaqvgingyvcaicy_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkxylgyfqftwaqpjtglvseyl_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\kbijfuonjzrzppvgamfkvbqdojx_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mrkpdmslbsfuibprwoqgtktwt_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zirqwjrijkrytvklzlwinqwxvwt_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hpnofwcgaugpftjblvhgijxd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\buuheitomjduwouofieyxdugm_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tkwhkjkvkjamdyhgmtrg_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hazphytfmorlbkzcmvsojkfljtrwge_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lmbvoiqkgapzhdciknvwjnailnr_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jztwnjxcehyrtgskhebegazlpr_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ytdujrawcrwhrwinmvhdkle_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aqmnjtcpworktprvgxwwkfmnvx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hmrdqdywoxcipmbdehongyci_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ijhemrmbhamyhxlwcyxinwtopn_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\euobgmgalfaewcdtgaipknulzkj_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\obrsmbcuydlcapzzrgozhup_biz[1]
- %TEMP%\Tar64FA.tmp
- %TEMP%\Cab64E9.tmp
- <DRIVERS>\8fdfd.sys
- %TEMP%\ppcrlui_4092_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qseypfqkjhxmfaulqkncidadat_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\twhuypcpnhfqbylnprwgulbhwo_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wctskdbyyxtstsxrsklvprcmtg_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pkfsotcxqgibdgmeqdeaxkzhxs_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vcdaqgjpdytpuohoncmzdkfeytk_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lvinjxcmzpgpwgxsvcwotwzj_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pizqeqrsnvrgwdhaqwmrrgcdmp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ztnbaqkfuucnrxxkfl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rkorwonrprxwbekvnfcakrpvo_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\scfamemxdusgatoinzydorz_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tinpojusldwfmobihyprq_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pswaeobtjvlfpzhlrqgqotsxkxg_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ukbexklrcyhbzofmzxxsnrt_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\aycmmwgoxibxkbcyaijbemymb_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivqghmbibnzbutcaqgedarbu_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hmlzvbopfkrgaztrsdexgjbgageon_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\biceuqirpvqpzthvoljjbicagm_com[1]
- from <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log to <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- 'vs#######cscpzqkivfyepgy.com':80
- 'al#######uofuswcilncedatssgk.ru':80
- 'fi#######bwpyhdqsdusgamvrc.biz':80
- 'dm########igudehbebupeilbdnj.biz':80
- 'vo#######mrcpydtsemtcnrp.org':80
- 'kv#######icyywkibmblrxy.info':80
- 'cv#######vhurhyqghlfeiayp.info':80
- 'oq#######diozdgybenbyptrgt.ru':80
- 'hi########ndetmntireikjxkhgm.com':80
- 'em#######lnypjyxtwheucikvib.net':80
- 'nj#######tsygmpvjzqjvtga.org':80
- 'lj#######qgiftqgpnpmyxmvrg.net':80
- 'lz########kjjngyvkpvwpjfqbuuw.com':80
- 'hp#######ugpftjblvhgijxd.com':80
- 'pb#######rgxgauorbmkfpvkcu.org':80
- 'ix#######ttwwgnrjruscedpfgq.biz':80
- 'jb######povrmnukvhqhknd.com':80
- 'dy########xirvwaqvgingyvcaicy.ru':80
- 'rk#######ftwaqpjtglvseyl.com':80
- 'kb#######zrzppvgamfkvbqdojx.net':80
- 'dx######wdylbuxxozxpaq.ru':80
- 'bu#######jduwouofieyxdugm.net':80
- 'mr#######sfuibprwoqgtktwt.com':80
- 'zi#######krytvklzlwinqwxvwt.ru':80
- 'tk######kjamdyhgmtrg.com':80
- 'ha########rlbkzcmvsojkfljtrwge.info':80
- 'lm#######apzhdciknvwjnailnr.biz':80
- 'ob######ydlcapzzrgozhup.biz':80
- 'hm#######xcipmbdehongyci.org':80
- 'jz#######hyrtgskhebegazlpr.net':80
- 'uk######cyhbzofmzxxsnrt.com':80
- 'ij#######amyhxlwcyxinwtopn.ru':80
- 'eu#######faewcdtgaipknulzkj.com':80
- 'yt######crwhrwinmvhdkle.com':80
- 'wc#######xtstsxrsklvprcmtg.org':80
- 'www.bing.com':80
- '74.##5.232.51':80
- 'aq#######orktprvgxwwkfmnvx.ru':80
- 'qs#######hxmfaulqkncidadat.biz':80
- 'tw#######hfqbylnprwgulbhwo.net':80
- 'ps########lfpzhlrqgqotsxkxg.info':80
- 'sc######dusgatoinzydorz.ru':80
- 'pi#######vrgwdhaqwmrrgcdmp.com':80
- 'pk#######gibdgmeqdeaxkzhxs.info':80
- 'de########hqvsdiiscdeivcqgevc.org':80
- 'zt#####fuucnrxxkfl.info':80
- 'rk#######rxwbekvnfcakrpvo.biz':80
- 'vc#######ytpuohoncmzdkfeytk.org':80
- 'bi#######vqpzthvoljjbicagm.com':80
- 'ay#######ibxkbcyaijbemymb.net':80
- 'ti######ldwfmobihyprq.biz':80
- 'lv#######pgpwgxsvcwotwzj.biz':80
- 'iv#######nzbutcaqgedarbu.com':80
- 'hm########rgaztrsdexgjbgageon.ru':80
- vs#######cscpzqkivfyepgy.com/
- al#######uofuswcilncedatssgk.ru/
- fi#######bwpyhdqsdusgamvrc.biz/
- dm########igudehbebupeilbdnj.biz/
- vo#######mrcpydtsemtcnrp.org/
- kv#######icyywkibmblrxy.info/
- cv#######vhurhyqghlfeiayp.info/
- oq#######diozdgybenbyptrgt.ru/
- hi########ndetmntireikjxkhgm.com/
- em#######lnypjyxtwheucikvib.net/
- nj#######tsygmpvjzqjvtga.org/
- lj#######qgiftqgpnpmyxmvrg.net/
- lz########kjjngyvkpvwpjfqbuuw.com/
- hp#######ugpftjblvhgijxd.com/
- pb#######rgxgauorbmkfpvkcu.org/
- ix#######ttwwgnrjruscedpfgq.biz/
- jb######povrmnukvhqhknd.com/
- dy########xirvwaqvgingyvcaicy.ru/
- rk#######ftwaqpjtglvseyl.com/
- kb#######zrzppvgamfkvbqdojx.net/
- dx######wdylbuxxozxpaq.ru/
- bu#######jduwouofieyxdugm.net/
- mr#######sfuibprwoqgtktwt.com/
- zi#######krytvklzlwinqwxvwt.ru/
- tk######kjamdyhgmtrg.com/
- ha########rlbkzcmvsojkfljtrwge.info/
- lm#######apzhdciknvwjnailnr.biz/
- ob######ydlcapzzrgozhup.biz/
- hm#######xcipmbdehongyci.org/
- jz#######hyrtgskhebegazlpr.net/
- uk######cyhbzofmzxxsnrt.com/
- ij#######amyhxlwcyxinwtopn.ru/
- eu#######faewcdtgaipknulzkj.com/
- yt######crwhrwinmvhdkle.com/
- wc#######xtstsxrsklvprcmtg.org/
- www.bing.com/
- 74.##5.232.51/
- aq#######orktprvgxwwkfmnvx.ru/
- qs#######hxmfaulqkncidadat.biz/
- tw#######hfqbylnprwgulbhwo.net/
- ps########lfpzhlrqgqotsxkxg.info/
- sc######dusgatoinzydorz.ru/
- pi#######vrgwdhaqwmrrgcdmp.com/
- pk#######gibdgmeqdeaxkzhxs.info/
- de########hqvsdiiscdeivcqgevc.org/
- zt#####fuucnrxxkfl.info/
- rk#######rxwbekvnfcakrpvo.biz/
- vc#######ytpuohoncmzdkfeytk.org/
- bi#######vqpzthvoljjbicagm.com/
- ay#######ibxkbcyaijbemymb.net/
- ti######ldwfmobihyprq.biz/
- lv#######pgpwgxsvcwotwzj.biz/
- iv#######nzbutcaqgedarbu.com/
- hm########rgaztrsdexgjbgageon.ru/
- DNS ASK hi########ndetmntireikjxkhgm.com
- DNS ASK oq#######diozdgybenbyptrgt.ru
- DNS ASK de########hqvsdiiscdeivcqgevc.org
- DNS ASK em#######lnypjyxtwheucikvib.net
- DNS ASK lz########kjjngyvkpvwpjfqbuuw.com
- DNS ASK cv#######vhurhyqghlfeiayp.info
- DNS ASK fi#######bwpyhdqsdusgamvrc.biz
- DNS ASK lj#######qgiftqgpnpmyxmvrg.net
- DNS ASK nj#######tsygmpvjzqjvtga.org
- DNS ASK lv#######pgpwgxsvcwotwzj.biz
- DNS ASK vc#######ytpuohoncmzdkfeytk.org
- DNS ASK da######jztobmyxizxpbvo.biz
- DNS ASK iv#######nzbutcaqgedarbu.com
- DNS ASK pk#######gibdgmeqdeaxkzhxs.info
- DNS ASK rk#######rxwbekvnfcakrpvo.biz
- DNS ASK zt#####fuucnrxxkfl.info
- DNS ASK pi#######vrgwdhaqwmrrgcdmp.com
- DNS ASK sc######dusgatoinzydorz.ru
- DNS ASK al#######uofuswcilncedatssgk.ru
- DNS ASK dx######wdylbuxxozxpaq.ru
- DNS ASK jb######povrmnukvhqhknd.com
- DNS ASK ha########rlbkzcmvsojkfljtrwge.info
- DNS ASK tk######kjamdyhgmtrg.com
- DNS ASK ix#######ttwwgnrjruscedpfgq.biz
- DNS ASK rk#######ftwaqpjtglvseyl.com
- DNS ASK dy########xirvwaqvgingyvcaicy.ru
- DNS ASK pb#######rgxgauorbmkfpvkcu.org
- DNS ASK kb#######zrzppvgamfkvbqdojx.net
- DNS ASK vo#######mrcpydtsemtcnrp.org
- DNS ASK dm########igudehbebupeilbdnj.biz
- DNS ASK vs#######cscpzqkivfyepgy.com
- DNS ASK kv#######icyywkibmblrxy.info
- DNS ASK hp#######ugpftjblvhgijxd.com
- DNS ASK bu#######jduwouofieyxdugm.net
- DNS ASK lm#######apzhdciknvwjnailnr.biz
- DNS ASK zi#######krytvklzlwinqwxvwt.ru
- DNS ASK mr#######sfuibprwoqgtktwt.com
- DNS ASK aq#######orktprvgxwwkfmnvx.ru
- DNS ASK qs#######hxmfaulqkncidadat.biz
- DNS ASK jz#######hyrtgskhebegazlpr.net
- DNS ASK yt######crwhrwinmvhdkle.com
- DNS ASK tw#######hfqbylnprwgulbhwo.net
- DNS ASK www.google.com
- DNS ASK hm########rgaztrsdexgjbgageon.ru
- DNS ASK wc#######xtstsxrsklvprcmtg.org
- DNS ASK www.bing.com
- DNS ASK ti######ldwfmobihyprq.biz
- DNS ASK ps########lfpzhlrqgqotsxkxg.info
- DNS ASK bi#######vqpzthvoljjbicagm.com
- DNS ASK ay#######ibxkbcyaijbemymb.net
- DNS ASK uk######cyhbzofmzxxsnrt.com
- DNS ASK ob######ydlcapzzrgozhup.biz
- DNS ASK hm#######xcipmbdehongyci.org
- DNS ASK ij#######amyhxlwcyxinwtopn.ru
- DNS ASK eu#######faewcdtgaipknulzkj.com
- '11#.#3.65.162':2573
- '16#.#3.211.182':8424
- '87.##3.112.229':5528
- '23.##.64.182':7013
- '13#.#7.198.100':2430
- '31.##.186.225':7922
- '13#.91.2.62':9700
- '11#.#4.187.155':3957
- '61.##4.150.9':6958
- '37.##.41.161':2190
- '2.##.58.208':5844
- '23.##.133.13':7608
- '23.#6.34.43':6953
- '23.##.72.192':4945
- '13#.#1.49.30':2838
- '19#.#34.52.206':9329
- '19#.#8.138.100':5445
- '67.##8.254.65':2923
- '13#.#17.197.217':5848
- '16#.#1.80.142':9272
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'OutlookExpressHiddenWindow' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'