Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Qewoj' = '%TEMP%\Huomo\qewoj.exe'
Создает следующие сервисы:
- [<HKLM>\SYSTEM\ControlSet001\services\71216506cb81d997] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\services\71216506cb81d997] 'ImagePath' = '<DRIVERS>\71216506cb81d997.sys'
- [<HKLM>\SYSTEM\ControlSet001\services\62ce9] 'Start' = '00000001'
Вредоносные функции:
Создает и запускает на исполнение:
- '%TEMP%\Huomo\qewoj.exe'
Запускает на исполнение:
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\explorer.exe"
Внедряет код в
следующие системные процессы:
- <SYSTEM32>\cmd.exe
Изменения в файловой системе:
Создает следующие файлы:
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dqhleiojheayfuzxkvxtkyppfit_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\huculvdnblaikzzdtwxgehmrfusk_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzphepjfqtfysgbmnzonfipzdlfce_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nvcyxnfuwgtdmlbdidauclxozp_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fyrcllylhyaqeusgypphhuscwch_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ijheqckjcipkfwgkftskztkusdq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzdllfeacxcrslbnrrgfaamfe_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jnvgrcqccpqskbyeukflft_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zdxgcevcfylflhafixgnvemfgupfnv_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ylfykfonxgkqcyxpnzhkrzhcqm_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\huzlljylxoeyytorzhvwsyhcytwqc_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pjetggqdetpnjuemizjz_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zvckfmduxpnvspvgwctipvpv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nvhyhrsiflcqfuiveyojdiofv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vkvbywwolxnrjvplntcamukonh_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tnnrmnizdswlnlveuyppfsay_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sizhmvgojtkjtoqwweuozwdzhd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eavcgelbisckfgiljhmzpmvbux_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ytvivmjytdqfmqovvkdytfqlneiha_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xdycalrnjxfylhlzkveqovau_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ylhxgofprfezhfeeylaytgabukbd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\uokqcaxktmbazppnzpuukl_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vsgjfxcicqcheydiziflrtzdxgy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\kvnveqvoheznvcyaqvcxvcamkfusx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nbivljijukcahqylfedeylwsqwmr_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xrpwsxkbfugmxgpzibdjb_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hudxkhxnjaimrtkvwcqwln_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tpbtpnrowsonukahqxwrscramr_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dinfytgedixslnlemoneipqwcyl_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzbegqxugcdithykbvsnrfuga_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\twvklbdermnlcudgtbqaeppmv_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dqcirbupdumfkzshydrs_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ljdipobemljpjqwmfzltprhqljz_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mncilbzdnzhmvmfuljpz_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wgrwhacizhifgmzpyhrtctp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tnrnkvlnjdkknughmjfemz_com[1]
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Sent Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Deleted Items\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Outbox\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\29F314A7-00000001.eml
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Inbox\29F314A7-00000001.eml:OECustomProperty
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Drafts\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\Local Folders\Junk E-mail\winmail.fol
- <LS_APPDATA>\Microsoft\Windows Mail\edb.log
- <DRIVERS>\71216506cb81d997.sys
- <LS_APPDATA>\Microsoft\Windows Mail\tmp.edb
- %TEMP%\Huomo\qewoj.exe
- <DRIVERS>\62ce9.sys
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\edb00002.log
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.pat
- <LS_APPDATA>\Microsoft\Windows Mail\Backup\temp\WindowsMail.MSMessageStore
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log
- %TEMP%\HEF904B.bat
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vcbmmjvghabjfnbqgerkztfufi_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mvxeumnrwlhqwcdtydwcsoteqlj_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\obkzsczdhqknscemkzqgkbgmntwwp_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dnfxklsxweuhhadmxcxyhxx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qwlpucjnmbhutbqdnvrkeqtcsglz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tmnhiqkbmpjsczdxkwgpvnjemv_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\holvearohmxmznjytnbhylvw_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\unfmfwgmvzpmvmrmvptgbm_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yhhyxtwqjbpuclnbvkvydbenz_net[1]
- %TEMP%\ppcrlui_4020_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xpdvkfuxmpfburcxknvsibofor_com[1]
- %TEMP%\Cab9932.tmp
- %TEMP%\Tar9943.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\remwkxkzovofxwxcubipaeayl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\inlpinnequhifpivfqtwl_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ldpjnzcafmxxnfdlzgmlblpl_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\haozplncawomrinljbanzjnmsgcin_com[1]
Удаляет следующие файлы:
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\eavcgelbisckfgiljhmzpmvbux_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ijheqckjcipkfwgkftskztkusdq_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\fyrcllylhyaqeusgypphhuscwch_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tpbtpnrowsonukahqxwrscramr_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\twvklbdermnlcudgtbqaeppmv_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzbegqxugcdithykbvsnrfuga_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\jnvgrcqccpqskbyeukflft_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nvcyxnfuwgtdmlbdidauclxozp_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzphepjfqtfysgbmnzonfipzdlfce_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zdxgcevcfylflhafixgnvemfgupfnv_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\lzdllfeacxcrslbnrrgfaamfe_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\huculvdnblaikzzdtwxgehmrfusk_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dqhleiojheayfuzxkvxtkyppfit_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dinfytgedixslnlemoneipqwcyl_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nbivljijukcahqylfedeylwsqwmr_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xdycalrnjxfylhlzkveqovau_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ytvivmjytdqfmqovvkdytfqlneiha_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\kvnveqvoheznvcyaqvcxvcamkfusx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vsgjfxcicqcheydiziflrtzdxgy_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xrpwsxkbfugmxgpzibdjb_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\uokqcaxktmbazppnzpuukl_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dqcirbupdumfkzshydrs_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\wgrwhacizhifgmzpyhrtctp_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mncilbzdnzhmvmfuljpz_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ylhxgofprfezhfeeylaytgabukbd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\hudxkhxnjaimrtkvwcqwln_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ljdipobemljpjqwmfzltprhqljz_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\yhhyxtwqjbpuclnbvkvydbenz_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\inlpinnequhifpivfqtwl_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\remwkxkzovofxwxcubipaeayl_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vcbmmjvghabjfnbqgerkztfufi_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\dnfxklsxweuhhadmxcxyhxx_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\obkzsczdhqknscemkzqgkbgmntwwp_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\haozplncawomrinljbanzjnmsgcin_com[1]
- %TEMP%\Tar9943.tmp
- %TEMP%\Cab9932.tmp
- <DRIVERS>\62ce9.sys
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ldpjnzcafmxxnfdlzgmlblpl_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\xpdvkfuxmpfburcxknvsibofor_com[1]
- %TEMP%\ppcrlui_4020_2
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\mvxeumnrwlhqwcdtydwcsoteqlj_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tnnrmnizdswlnlveuyppfsay_ru[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\huzlljylxoeyytorzhvwsyhcytwqc_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ylfykfonxgkqcyxpnzhkrzhcqm_net[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\vkvbywwolxnrjvplntcamukonh_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\nvhyhrsiflcqfuiveyojdiofv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\sizhmvgojtkjtoqwweuozwdzhd_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\zvckfmduxpnvspvgwctipvpv_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\qwlpucjnmbhutbqdnvrkeqtcsglz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\unfmfwgmvzpmvmrmvptgbm_biz[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\holvearohmxmznjytnbhylvw_org[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\pjetggqdetpnjuemizjz_info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tnrnkvlnjdkknughmjfemz_com[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\tmnhiqkbmpjsczdxkwgpvnjemv_ru[1]
Перемещает следующие файлы:
- <LS_APPDATA>\Microsoft\Windows Mail\edbtmp.log в <LS_APPDATA>\Microsoft\Windows Mail\edb.log
Самоудаляется.
Сетевая активность:
Подключается к:
- 'lz#######cdithykbvsnrfuga.net':80
- 'ea#######sckfgiljhmzpmvbux.com':80
- 'ij#######ipkfwgkftskztkusdq.ru':80
- 'di#######ixslnlemoneipqwcyl.biz':80
- 'tp#######sonukahqxwrscramr.info':80
- 'tw#######mnlcudgtbqaeppmv.org':80
- 'fy#######yaqeusgypphhuscwch.com':80
- 'dq#######eayfuzxkvxtkyppfit.biz':80
- 'nv#######gtdmlbdidauclxozp.ru':80
- 'lz########fysgbmnzonfipzdlfce.com':80
- 'jn######cpqskbyeukflft.net':80
- 'lz#######xcrslbnrrgfaamfe.org':80
- 'hu########aikzzdtwxgehmrfusk.info':80
- 'nb########cahqylfedeylwsqwmr.biz':80
- 'xd#######xfylhlzkveqovau.net':80
- 'yt########qfmqovvkdytfqlneiha.com':80
- 'kv########znvcyaqvcxvcamkfusx.ru':80
- 'vs#######qcheydiziflrtzdxgy.com':80
- 'xr######fugmxgpzibdjb.info':80
- 'uo######tmbazppnzpuukl.ru':80
- 'dq######dumfkzshydrs.info':80
- 'wg######zhifgmzpyhrtctp.com':80
- 'mn#####dnzhmvmfuljpz.ru':80
- 'yl########ezhfeeylaytgabukbd.com':80
- 'hu######jaimrtkvwcqwln.biz':80
- 'lj#######ljpjqwmfzltprhqljz.org':80
- 'dn######weuhhadmxcxyhxx.ru':80
- 'ob########knscemkzqgkbgmntwwp.biz':80
- 'yh#######bpuclnbvkvydbenz.net':80
- 'ho#######mxmznjytnbhylvw.org':80
- 'mv#######lhqwcdtydwcsoteqlj.net':80
- 'vc#######abjfnbqgerkztfufi.com':80
- 'in######quhifpivfqtwl.org':80
- 'xp#######pfburcxknvsibofor.com':80
- 'www.bing.com':80
- '74.##5.232.51':80
- 're#######vofxwxcubipaeayl.info':80
- 'ha########omrinljbanzjnmsgcin.com':80
- 'ld######fmxxnfdlzgmlblpl.ru':80
- 'si#######tkjtoqwweuozwdzhd.com':80
- 'tn######dswlnlveuyppfsay.ru':80
- 'hu########eyytorzhvwsyhcytwqc.com':80
- 'zd########lflhafixgnvemfgupfnv.info':80
- 'vk#######xnrjvplntcamukonh.org':80
- 'nv#######lcqfuiveyojdiofv.biz':80
- 'yl#######gkqcyxpnzhkrzhcqm.net':80
- 'tm#######pjsczdxkwgpvnjemv.ru':80
- 'qw########hutbqdnvrkeqtcsglz.com':80
- 'un######vzpmvmrmvptgbm.biz':80
- 'zv#######pnvspvgwctipvpv.biz':80
- 'pj######etpnjuemizjz.info':80
- 'tn######jdkknughmjfemz.com':80
TCP:
Запросы HTTP GET:
- lz#######cdithykbvsnrfuga.net/
- ea#######sckfgiljhmzpmvbux.com/
- ij#######ipkfwgkftskztkusdq.ru/
- di#######ixslnlemoneipqwcyl.biz/
- tp#######sonukahqxwrscramr.info/
- tw#######mnlcudgtbqaeppmv.org/
- fy#######yaqeusgypphhuscwch.com/
- dq#######eayfuzxkvxtkyppfit.biz/
- nv#######gtdmlbdidauclxozp.ru/
- lz########fysgbmnzonfipzdlfce.com/
- jn######cpqskbyeukflft.net/
- lz#######xcrslbnrrgfaamfe.org/
- hu########aikzzdtwxgehmrfusk.info/
- nb########cahqylfedeylwsqwmr.biz/
- xd#######xfylhlzkveqovau.net/
- yt########qfmqovvkdytfqlneiha.com/
- kv########znvcyaqvcxvcamkfusx.ru/
- vs#######qcheydiziflrtzdxgy.com/
- xr######fugmxgpzibdjb.info/
- uo######tmbazppnzpuukl.ru/
- dq######dumfkzshydrs.info/
- wg######zhifgmzpyhrtctp.com/
- mn#####dnzhmvmfuljpz.ru/
- yl########ezhfeeylaytgabukbd.com/
- hu######jaimrtkvwcqwln.biz/
- lj#######ljpjqwmfzltprhqljz.org/
- dn######weuhhadmxcxyhxx.ru/
- ob########knscemkzqgkbgmntwwp.biz/
- yh#######bpuclnbvkvydbenz.net/
- ho#######mxmznjytnbhylvw.org/
- mv#######lhqwcdtydwcsoteqlj.net/
- vc#######abjfnbqgerkztfufi.com/
- in######quhifpivfqtwl.org/
- xp#######pfburcxknvsibofor.com/
- www.bing.com/
- 74.##5.232.51/
- re#######vofxwxcubipaeayl.info/
- ha########omrinljbanzjnmsgcin.com/
- ld######fmxxnfdlzgmlblpl.ru/
- si#######tkjtoqwweuozwdzhd.com/
- tn######dswlnlveuyppfsay.ru/
- hu########eyytorzhvwsyhcytwqc.com/
- zd########lflhafixgnvemfgupfnv.info/
- vk#######xnrjvplntcamukonh.org/
- nv#######lcqfuiveyojdiofv.biz/
- yl#######gkqcyxpnzhkrzhcqm.net/
- tm#######pjsczdxkwgpvnjemv.ru/
- qw########hutbqdnvrkeqtcsglz.com/
- un######vzpmvmrmvptgbm.biz/
- zv#######pnvspvgwctipvpv.biz/
- pj######etpnjuemizjz.info/
- tn######jdkknughmjfemz.com/
UDP:
- DNS ASK nv#######gtdmlbdidauclxozp.ru
- DNS ASK dq#######eayfuzxkvxtkyppfit.biz
- DNS ASK zd########lflhafixgnvemfgupfnv.info
- DNS ASK lz########fysgbmnzonfipzdlfce.com
- DNS ASK jn######cpqskbyeukflft.net
- DNS ASK fy#######yaqeusgypphhuscwch.com
- DNS ASK hu########aikzzdtwxgehmrfusk.info
- DNS ASK lz#######xcrslbnrrgfaamfe.org
- DNS ASK vk#######xnrjvplntcamukonh.org
- DNS ASK zv#######pnvspvgwctipvpv.biz
- DNS ASK yl#######gkqcyxpnzhkrzhcqm.net
- DNS ASK kv########znvcyaqvcxvcamkfusx.ru
- DNS ASK pj######etpnjuemizjz.info
- DNS ASK si#######tkjtoqwweuozwdzhd.com
- DNS ASK nv#######lcqfuiveyojdiofv.biz
- DNS ASK hu########eyytorzhvwsyhcytwqc.com
- DNS ASK tn######dswlnlveuyppfsay.ru
- DNS ASK ij#######ipkfwgkftskztkusdq.ru
- DNS ASK uo######tmbazppnzpuukl.ru
- DNS ASK yt########qfmqovvkdytfqlneiha.com
- DNS ASK hu######jaimrtkvwcqwln.biz
- DNS ASK yl########ezhfeeylaytgabukbd.com
- DNS ASK xr######fugmxgpzibdjb.info
- DNS ASK vs#######qcheydiziflrtzdxgy.com
- DNS ASK xd#######xfylhlzkveqovau.net
- DNS ASK nb########cahqylfedeylwsqwmr.biz
- DNS ASK lj#######ljpjqwmfzltprhqljz.org
- DNS ASK tw#######mnlcudgtbqaeppmv.org
- DNS ASK tp#######sonukahqxwrscramr.info
- DNS ASK ea#######sckfgiljhmzpmvbux.com
- DNS ASK lz#######cdithykbvsnrfuga.net
- DNS ASK wg######zhifgmzpyhrtctp.com
- DNS ASK dq######dumfkzshydrs.info
- DNS ASK di#######ixslnlemoneipqwcyl.biz
- DNS ASK mn#####dnzhmvmfuljpz.ru
- DNS ASK ha########omrinljbanzjnmsgcin.com
- DNS ASK ld######fmxxnfdlzgmlblpl.ru
- DNS ASK in######quhifpivfqtwl.org
- DNS ASK re#######vofxwxcubipaeayl.info
- DNS ASK www.google.com
- DNS ASK tn######jdkknughmjfemz.com
- DNS ASK xp#######pfburcxknvsibofor.com
- DNS ASK www.bing.com
- DNS ASK yh#######bpuclnbvkvydbenz.net
- DNS ASK un######vzpmvmrmvptgbm.biz
- DNS ASK ho#######mxmznjytnbhylvw.org
- DNS ASK tm#######pjsczdxkwgpvnjemv.ru
- DNS ASK qw########hutbqdnvrkeqtcsglz.com
- DNS ASK dn######weuhhadmxcxyhxx.ru
- DNS ASK ob########knscemkzqgkbgmntwwp.biz
- DNS ASK mv#######lhqwcdtydwcsoteqlj.net
- DNS ASK vc#######abjfnbqgerkztfufi.com
- '16#.#3.62.72':9032
- '21#.#20.146.245':6585
- '23.##.64.182':7013
- '13#.#7.198.100':2430
- '16#.#1.80.142':9272
- '99.##.173.219':8302
- '10#.#53.212.95':4808
- '75.#.220.146':2763
- '86.##6.23.10':9826
- '37.##3.28.115':3878
- '11#.#23.149.254':3698
- '13#.#80.209.37':8727
- '21#.#7.147.155':7673
- '19#.#7.198.162':2096
- '76.##.162.44':5877
- '18#.#66.114.48':8088
- '23.##.42.224':2837
- '37.##.41.161':2190
- '17#.#9.110.91':1442
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'OutlookExpressHiddenWindow' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
