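Technical Information
Note: the entries below appear without their section labels. In order, they are a process command line, file paths, file moves (from … to …), host:port connections, requested URLs, DNS queries, and window class/name pairs. Some characters in host names and URLs are replaced with '#', so those entries are partial and cannot be matched exactly as written.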
- '<SYSTEM32>\conhost.exe' --type=utility --channel="2944.8.1820246289\484229775" --lang=en-US --with-feature:enhanced-autofill --ignored=" --type=renderer " /prefetch:-645351001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5D0B.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\59FD.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5E65.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\HYMJ5B1YGODWCI5LQP3I.temp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\49A1.tmp
- <APATH_DUMPS_DIR>_net\CmdDotNetDumper.log
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E25.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\528C.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4EA4.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\bullet[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\background_gradient[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\EEF.tmp
- %TEMP%\etilqs_IhlreE11cgQxHfF
- %APPDATA%\Roaming\Opera Software\Opera Stable\1797.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\info_48[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %TEMP%\etilqs_fQvRaawZ9hiD5DB
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\httpErrorPagesScripts[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\YU2ESO9K
- %TEMP%\myrar.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\ErrorPageTemplate[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\B397.tmp
- %HOMEPATH%\Downloads\B396.tmp
- %TEMP%\etilqs_MvEKuMDyVjunCC7
- %HOMEPATH%\Downloads\en:Zone.Identifier
- %HOMEPATH%\Downloads\download:Zone.Identifier
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- %TEMP%\etilqs_kAHZS7dvwGtlLKZ
- %HOMEPATH%\Downloads\AF90.tmp
- <Auxiliary element>
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5DF6.tmp~RFa5f10.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5CEB.tmp~RFa5d5b.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\59FC.tmp~RFa5c23.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences~RFb1850.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFa9b64.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4932.tmp~RFa4b42.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF98c66.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\527C.tmp~RFa58f8.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E93.tmp~RFa5012.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E14.tmp~RFa4e5d.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5CEB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5CEB.tmp~RFa5d5b.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5E65.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5DF6.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5DF6.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5DF6.tmp~RFa5f10.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5D0B.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5CEB.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\527C.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\527C.tmp~RFa58f8.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\59FD.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\59FC.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\59FC.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\59FC.tmp~RFa5c23.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\EEF.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- from %APPDATA%\Roaming\Opera Software\Opera Stable\1797.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences~RFb1850.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFa9b64.TMP
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\HYMJ5B1YGODWCI5LQP3I.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\528C.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\527C.tmp
- from %HOMEPATH%\Downloads\AF90.tmp to %HOMEPATH%\Downloads\download.opdownload
- from %HOMEPATH%\Downloads\B396.tmp to %HOMEPATH%\Downloads\en.opdownload
- from %HOMEPATH%\Downloads\download.opdownload to %HOMEPATH%\Downloads\download
- from %APPDATA%\Roaming\Opera Software\Opera Stable\B397.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF98c66.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E14.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E14.tmp~RFa4e5d.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4EA4.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E93.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E93.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E93.tmp~RFa5012.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E25.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4E14.tmp
- from %HOMEPATH%\Downloads\en.opdownload to %HOMEPATH%\Downloads\en
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\49A1.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4932.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4932.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4932.tmp~RFa4b42.TMP
- 'i.##0.ru':80
- 'bi##.#ikimedia.org':80
- 'ap#.###sys.opera.com':443
- 'au######te.geo.opera.com':443
- 'www.go##le.ru':80
- 'www.ic#.com':80
- 'www.75##yo.com':80
- '93.##8.134.11':80
- 'si#####ck2.opera.com':80
- bi##.#ikimedia.org/favicon/wikipedia.ico
- www.go##le.ru/favicon.ico
- www.ic#.com/en
- i.##0.ru/2011/icons/rambler.ico
- 93.##8.134.11/favicon.ico
- www.75##yo.com/yoyonaicha.txt
- www.75##yo.com/
- si#####ck2.opera.com/?ho####################################################
- si#####ck2.opera.com/?ho###############################################
- DNS ASK i.##0.ru
- DNS ASK bi##.#ikimedia.org
- DNS ASK au######te.geo.opera.com
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK www.go##le.ru
- DNS ASK www.google.com
- DNS ASK www.75##yo.com
- DNS ASK www.ic#.com
- DNS ASK sl####i.yandex.ru
- DNS ASK si#####ck2.opera.com
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: '' WindowName: 'Microsoft Internet Explorer'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''