Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Guubyj' = '%APPDATA%\Roaming\Duqe\guubyj.exe'
- '%APPDATA%\Roaming\Duqe\guubyj.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\taskhost.exe"
- <SYSTEM32>\cmd.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tdhqspqqroyxzxwgjzuglt_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\usgqwsgepxoamhqcimnkzofvsso_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eqjfeyhgiaewsrwfqjrvcivtx_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pdkydlbebiztzxgsyhmzobplj_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\incaltagyaitylwklfgutofxg_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hisojnmbpivxwksccivgouoxkjnp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nzbypznzpntivusvcltgxdgqr_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ijeawgdpzhaxeqkblsukel_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bqheayceozqgmkfsqvcxusxnbrk_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\airotwqsheofpltmrxbiy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cebuhidmgyqcyovmjtgbqdqxcqs_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lbhmhinrsojddygadavwrowobyus_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ozdbqxgypydjzwcdlfukemrsinp_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fegetlwvwjftijenrauuost_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ofarwfquoztojtwaiizamaixw_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ydjnnjbqxklffadibqxcybizt_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qwfumzeuptgciainvtxkpjf_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivhcetwgrwpbafmlbheton_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lbjzpgrkbaciuaegiknxlvnbq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mnwkrwnvwsscrwnrtkuhyvswcin_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zpxgeqpnaynflbiftdeksotkf_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yhjnfacecqovcyxdqwplsouvg_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rsjbkzjfzppfgytdeeuphaleydmeu_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vspirlvpfagtkrdvsqcpptlz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fueaqkwonzgelpnugugivsh_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\njhpbvsiozobhqonxpfqcvkkjw_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\llzscfeneaofriamyptovon_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qccygqwhhtgjfeeimjlmf_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mrdwgqozztqkkbxgvoojfqpjxha_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\movwkaiwclzcqpffafizlpnnbvqgln_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xmjlfgskjblfafuprjrwkuoqrshq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xibxeqwcmjrvgozdaprorgyprt_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fykbonlgmugztcmsgmfmfamdils_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ozpdmibailrayxopfryppf_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\posowcwcwowodmcahelvrkbyvhegy_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\butwvfixovkkzxccaobthedtofcu_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\voasoovfezojfevwtwkbpljir_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fvamjneqfikbehilbublnkv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\urwxcexktwcytwfyxsmvuwxbu_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jftvdikusydhayauxcexucr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nzbytqpjdqjzkjsklpnztteu_ru[1]
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\41AB52EA-00000001.eml
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\41AB52EA-00000001.eml:OECustomProperty
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Junk E-mail\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Deleted Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Drafts\winmail.fol
- %TEMP%\ppcrlui_2864_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhkfydobtofcyqlizvkhcuuctl_org[1]
- %TEMP%\Tar407A.tmp
- %TEMP%\NMSB253.bat
- %TEMP%\Cab4079.tmp
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\edb00002.log
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
- %APPDATA%\Roaming\Duqe\guubyj.exe
- <LS_APPDATA>\Microsoft\Windows Mail\tmp.edb
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Outbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Sent Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.pat
- <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hnvrrnrxgdibiuoofhuugqwmbt_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhyfeifhiztivdytsgqokfqsba_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\krofgwgyeyhatgmkzcypyhyheiai_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gelzirqsjijtoxxtucbigjzhyci_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xcsknbfjivzonlrpvzxdynz_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\scivinjzzdqyirkplnptclzdxc_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pnxnvhqhqobraqjrdeaynzdipug_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zdzplbqdnfaqrkuskbkfhxpjmb_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ecaqgusbmpmjbbishmlbkfdazx_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eytorvwdkfbyibtktwskfmzga_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pbbemeqlaprohesglrpjmozlto_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nztuswpflriijqckjhdyfeskqglj_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hivsmfzhwobiiydeqembqhmfsgqkpn_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xucnbtkcltonfjlzknlxogyzdnb_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wkjbukvqslinjfmvrctgdyh_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ydxozpjfmnppxnfpduropf_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fyuwxfylryxjbwintghetingy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ldzdztdudkrkvxdrwuc_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nfincqxkzldmoflnzhwhhiuw_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eivlnbevgnvlrncwottlvb_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hisojnmbpivxwksccivgouoxkjnp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nzbypznzpntivusvcltgxdgqr_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\airotwqsheofpltmrxbiy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ijeawgdpzhaxeqkblsukel_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fykbonlgmugztcmsgmfmfamdils_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xmjlfgskjblfafuprjrwkuoqrshq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ozpdmibailrayxopfryppf_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\posowcwcwowodmcahelvrkbyvhegy_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pdkydlbebiztzxgsyhmzobplj_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\incaltagyaitylwklfgutofxg_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ydjnnjbqxklffadibqxcybizt_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qwfumzeuptgciainvtxkpjf_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\usgqwsgepxoamhqcimnkzofvsso_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\bqheayceozqgmkfsqvcxusxnbrk_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eqjfeyhgiaewsrwfqjrvcivtx_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tdhqspqqroyxzxwgjzuglt_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yhjnfacecqovcyxdqwplsouvg_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mrdwgqozztqkkbxgvoojfqpjxha_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\rsjbkzjfzppfgytdeeuphaleydmeu_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zpxgeqpnaynflbiftdeksotkf_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\njhpbvsiozobhqonxpfqcvkkjw_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\llzscfeneaofriamyptovon_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\movwkaiwclzcqpffafizlpnnbvqgln_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qccygqwhhtgjfeeimjlmf_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jftvdikusydhayauxcexucr_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fvamjneqfikbehilbublnkv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xibxeqwcmjrvgozdaprorgyprt_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\urwxcexktwcytwfyxsmvuwxbu_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vspirlvpfagtkrdvsqcpptlz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fueaqkwonzgelpnugugivsh_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\butwvfixovkkzxccaobthedtofcu_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\voasoovfezojfevwtwkbpljir_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ivhcetwgrwpbafmlbheton_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eivlnbevgnvlrncwottlvb_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ldzdztdudkrkvxdrwuc_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nztuswpflriijqckjhdyfeskqglj_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nfincqxkzldmoflnzhwhhiuw_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\gelzirqsjijtoxxtucbigjzhyci_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xcsknbfjivzonlrpvzxdynz_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ydxozpjfmnppxnfpduropf_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fyuwxfylryxjbwintghetingy_com[1]
- %TEMP%\ppcrlui_2864_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhkfydobtofcyqlizvkhcuuctl_org[1]
- %TEMP%\Cab4079.tmp
- %TEMP%\Tar407A.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hivsmfzhwobiiydeqembqhmfsgqkpn_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pbbemeqlaprohesglrpjmozlto_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xucnbtkcltonfjlzknlxogyzdnb_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wkjbukvqslinjfmvrctgdyh_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ofarwfquoztojtwaiizamaixw_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ozdbqxgypydjzwcdlfukemrsinp_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nzbytqpjdqjzkjsklpnztteu_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fegetlwvwjftijenrauuost_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lbjzpgrkbaciuaegiknxlvnbq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mnwkrwnvwsscrwnrtkuhyvswcin_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cebuhidmgyqcyovmjtgbqdqxcqs_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lbhmhinrsojddygadavwrowobyus_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zhyfeifhiztivdytsgqokfqsba_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ecaqgusbmpmjbbishmlbkfdazx_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\krofgwgyeyhatgmkzcypyhyheiai_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hnvrrnrxgdibiuoofhuugqwmbt_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\scivinjzzdqyirkplnptclzdxc_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pnxnvhqhqobraqjrdeaynzdipug_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eytorvwdkfbyibtktwskfmzga_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zdzplbqdnfaqrkuskbkfhxpjmb_org[1]
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log в <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- 'hi########vxwksccivgouoxkjnp.com':80
- 'nz#######ntivusvcltgxdgqr.net':80
- 'ai######heofpltmrxbiy.com':80
- 'ij######zhaxeqkblsukel.ru':80
- 'fy#######ugztcmsgmfmfamdils.biz':80
- 'xm#######blfafuprjrwkuoqrshq.ru':80
- 'oz######ilrayxopfryppf.org':80
- 'po########wodmcahelvrkbyvhegy.info':80
- 'pd#######iztzxgsyhmzobplj.com':80
- 'in#######aitylwklfgutofxg.ru':80
- 'yd#######klffadibqxcybizt.org':80
- 'qw#######tgciainvtxkpjf.info':80
- 'us#######xoamhqcimnkzofvsso.org':80
- 'bq#######zqgmkfsqvcxusxnbrk.net':80
- 'eq#######aewsrwfqjrvcivtx.biz':80
- 'td######royxzxwgjzuglt.info':80
- 'yh#######qovcyxdqwplsouvg.com':80
- 'mr#######tqkkbxgvoojfqpjxha.ru':80
- 'rs########pfgytdeeuphaleydmeu.biz':80
- 'zp#######ynflbiftdeksotkf.info':80
- 'nj#######zobhqonxpfqcvkkjw.org':80
- 'll######eaofriamyptovon.net':80
- 'mo########zcqpffafizlpnnbvqgln.com':80
- 'qc######htgjfeeimjlmf.biz':80
- 'jf######sydhayauxcexucr.org':80
- 'fv######fikbehilbublnkv.biz':80
- 'xi#######jrvgozdaprorgyprt.com':80
- 'ur#######wcytwfyxsmvuwxbu.info':80
- 'vs#######agtkrdvsqcpptlz.com':80
- 'fu######nzgelpnugugivsh.net':80
- 'bu########kkzxccaobthedtofcu.com':80
- 'vo#######zojfevwtwkbpljir.ru':80
- 'ld#####udkrkvxdrwuc.com':80
- 'yd######mnppxnfpduropf.ru':80
- 'nf#######ldmoflnzhwhhiuw.org':80
- 'ei######gnvlrncwottlvb.info':80
- 'xc######ivzonlrpvzxdynz.org':80
- 'kr########hatgmkzcypyhyheiai.net':80
- 'fy#######yxjbwintghetingy.com':80
- 'ge########jtoxxtucbigjzhyci.info':80
- 'zh#######ofcyqlizvkhcuuctl.org':80
- 'xu#######tonfjlzknlxogyzdnb.net':80
- '74.##5.232.51':80
- 'www.bing.com':80
- 'pb#######prohesglrpjmozlto.biz':80
- 'nz########iijqckjhdyfeskqglj.net':80
- 'wk######slinjfmvrctgdyh.com':80
- 'hi########biiydeqembqhmfsgqkpn.ru':80
- 'oz#######ydjzwcdlfukemrsinp.biz':80
- 'ce#######yqcyovmjtgbqdqxcqs.net':80
- 'fe######wjftijenrauuost.com':80
- 'of#######ztojtwaiizamaixw.info':80
- 'mn#######sscrwnrtkuhyvswcin.com':80
- 'iv######rwpbafmlbheton.biz':80
- 'lb########jddygadavwrowobyus.com':80
- 'lb#######aciuaegiknxlvnbq.ru':80
- 'ec#######pmjbbishmlbkfdazx.com':80
- 'ey#######fbyibtktwskfmzga.net':80
- 'hn#######dibiuoofhuugqwmbt.biz':80
- 'zh#######ztivdytsgqokfqsba.ru':80
- 'pn#######obraqjrdeaynzdipug.com':80
- 'nz######dqjzkjsklpnztteu.ru':80
- 'zd#######faqrkuskbkfhxpjmb.org':80
- 'sc#######dqyirkplnptclzdxc.biz':80
- hi########vxwksccivgouoxkjnp.com/
- nz#######ntivusvcltgxdgqr.net/
- ai######heofpltmrxbiy.com/
- ij######zhaxeqkblsukel.ru/
- fy#######ugztcmsgmfmfamdils.biz/
- xm#######blfafuprjrwkuoqrshq.ru/
- oz######ilrayxopfryppf.org/
- po########wodmcahelvrkbyvhegy.info/
- pd#######iztzxgsyhmzobplj.com/
- in#######aitylwklfgutofxg.ru/
- yd#######klffadibqxcybizt.org/
- qw#######tgciainvtxkpjf.info/
- us#######xoamhqcimnkzofvsso.org/
- bq#######zqgmkfsqvcxusxnbrk.net/
- eq#######aewsrwfqjrvcivtx.biz/
- td######royxzxwgjzuglt.info/
- yh#######qovcyxdqwplsouvg.com/
- mr#######tqkkbxgvoojfqpjxha.ru/
- rs########pfgytdeeuphaleydmeu.biz/
- zp#######ynflbiftdeksotkf.info/
- nj#######zobhqonxpfqcvkkjw.org/
- ll######eaofriamyptovon.net/
- mo########zcqpffafizlpnnbvqgln.com/
- qc######htgjfeeimjlmf.biz/
- jf######sydhayauxcexucr.org/
- fv######fikbehilbublnkv.biz/
- xi#######jrvgozdaprorgyprt.com/
- ur#######wcytwfyxsmvuwxbu.info/
- vs#######agtkrdvsqcpptlz.com/
- fu######nzgelpnugugivsh.net/
- bu########kkzxccaobthedtofcu.com/
- vo#######zojfevwtwkbpljir.ru/
- ld#####udkrkvxdrwuc.com/
- yd######mnppxnfpduropf.ru/
- nf#######ldmoflnzhwhhiuw.org/
- ei######gnvlrncwottlvb.info/
- xc######ivzonlrpvzxdynz.org/
- kr########hatgmkzcypyhyheiai.net/
- fy#######yxjbwintghetingy.com/
- ge########jtoxxtucbigjzhyci.info/
- zh#######ofcyqlizvkhcuuctl.org/
- xu#######tonfjlzknlxogyzdnb.net/
- 74.##5.232.51/
- www.bing.com/
- pb#######prohesglrpjmozlto.biz/
- nz########iijqckjhdyfeskqglj.net/
- wk######slinjfmvrctgdyh.com/
- hi########biiydeqembqhmfsgqkpn.ru/
- oz#######ydjzwcdlfukemrsinp.biz/
- ce#######yqcyovmjtgbqdqxcqs.net/
- fe######wjftijenrauuost.com/
- of#######ztojtwaiizamaixw.info/
- mn#######sscrwnrtkuhyvswcin.com/
- iv######rwpbafmlbheton.biz/
- lb########jddygadavwrowobyus.com/
- lb#######aciuaegiknxlvnbq.ru/
- ec#######pmjbbishmlbkfdazx.com/
- ey#######fbyibtktwskfmzga.net/
- hn#######dibiuoofhuugqwmbt.biz/
- zh#######ztivdytsgqokfqsba.ru/
- pn#######obraqjrdeaynzdipug.com/
- nz######dqjzkjsklpnztteu.ru/
- zd#######faqrkuskbkfhxpjmb.org/
- sc#######dqyirkplnptclzdxc.biz/
- DNS ASK eq#######aewsrwfqjrvcivtx.biz
- DNS ASK td######royxzxwgjzuglt.info
- DNS ASK in#######aitylwklfgutofxg.ru
- DNS ASK qw#######tgciainvtxkpjf.info
- DNS ASK pd#######iztzxgsyhmzobplj.com
- DNS ASK ij######zhaxeqkblsukel.ru
- DNS ASK hi########vxwksccivgouoxkjnp.com
- DNS ASK ai######heofpltmrxbiy.com
- DNS ASK us#######xoamhqcimnkzofvsso.org
- DNS ASK bq#######zqgmkfsqvcxusxnbrk.net
- DNS ASK oz#######ydjzwcdlfukemrsinp.biz
- DNS ASK ce#######yqcyovmjtgbqdqxcqs.net
- DNS ASK of#######ztojtwaiizamaixw.info
- DNS ASK ll######eaofriamyptovon.net
- DNS ASK fe######wjftijenrauuost.com
- DNS ASK iv######rwpbafmlbheton.biz
- DNS ASK yd#######klffadibqxcybizt.org
- DNS ASK mn#######sscrwnrtkuhyvswcin.com
- DNS ASK lb########jddygadavwrowobyus.com
- DNS ASK lb#######aciuaegiknxlvnbq.ru
- DNS ASK rs########pfgytdeeuphaleydmeu.biz
- DNS ASK zp#######ynflbiftdeksotkf.info
- DNS ASK fu######nzgelpnugugivsh.net
- DNS ASK vo#######zojfevwtwkbpljir.ru
- DNS ASK vs#######agtkrdvsqcpptlz.com
- DNS ASK qc######htgjfeeimjlmf.biz
- DNS ASK nj#######zobhqonxpfqcvkkjw.org
- DNS ASK mo########zcqpffafizlpnnbvqgln.com
- DNS ASK yh#######qovcyxdqwplsouvg.com
- DNS ASK mr#######tqkkbxgvoojfqpjxha.ru
- DNS ASK fy#######ugztcmsgmfmfamdils.biz
- DNS ASK xm#######blfafuprjrwkuoqrshq.ru
- DNS ASK po########wodmcahelvrkbyvhegy.info
- DNS ASK nz#######ntivusvcltgxdgqr.net
- DNS ASK oz######ilrayxopfryppf.org
- DNS ASK fv######fikbehilbublnkv.biz
- DNS ASK bu########kkzxccaobthedtofcu.com
- DNS ASK jf######sydhayauxcexucr.org
- DNS ASK xi#######jrvgozdaprorgyprt.com
- DNS ASK ur#######wcytwfyxsmvuwxbu.info
- DNS ASK nz########iijqckjhdyfeskqglj.net
- DNS ASK pb#######prohesglrpjmozlto.biz
- DNS ASK hi########biiydeqembqhmfsgqkpn.ru
- DNS ASK ld#####udkrkvxdrwuc.com
- DNS ASK ei######gnvlrncwottlvb.info
- DNS ASK nf#######ldmoflnzhwhhiuw.org
- DNS ASK www.bing.com
- DNS ASK www.google.com
- DNS ASK nz######dqjzkjsklpnztteu.ru
- DNS ASK wk######slinjfmvrctgdyh.com
- DNS ASK xu#######tonfjlzknlxogyzdnb.net
- DNS ASK zh#######ofcyqlizvkhcuuctl.org
- DNS ASK ey#######fbyibtktwskfmzga.net
- DNS ASK ec#######pmjbbishmlbkfdazx.com
- DNS ASK zh#######ztivdytsgqokfqsba.ru
- DNS ASK pn#######obraqjrdeaynzdipug.com
- DNS ASK sc#######dqyirkplnptclzdxc.biz
- DNS ASK zd#######faqrkuskbkfhxpjmb.org
- DNS ASK ge########jtoxxtucbigjzhyci.info
- DNS ASK fy#######yxjbwintghetingy.com
- DNS ASK yd######mnppxnfpduropf.ru
- DNS ASK hn#######dibiuoofhuugqwmbt.biz
- DNS ASK kr########hatgmkzcypyhyheiai.net
- DNS ASK xc######ivzonlrpvzxdynz.org
- '95.##7.161.23':29511
- '95.#5.37.77':28927
- '17#.#3.147.65':3319
- '19#.#02.83.105':16419
- '89.##9.19.158':9896
- '94.##0.224.115':8696
- '12#.#38.67.140':4636
- '10#.#4.172.39':3059
- '79.##9.11.65':7570
- '66.##.204.26':24382
- '79.##.154.174':7520
- '1.##.96.229':25694
- '18#.#42.108.42':4510
- '82.##1.141.181':4826
- '46.#9.36.20':9752
- '95.##6.170.150':1787
- '10#.#17.117.139':8593
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'OutlookExpressHiddenWindow' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'