Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] '833wt96ws37r' = '%HOMEPATH%\833wt96ws37r\47897.vbs'
- %APPDATA%\microsoft\windows\start menu\programs\startup\regsvcs.exe
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- [HKCU\Software\Google\Google Talk\Accounts]
- [HKCU\Software\Microsoft\Internet Account Manager\Accounts]
- [HKCU\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [HKCU\Identities\{1BC91121-7903-48EE-BF78-1BC7CA4B5761}\Software\Microsoft\Internet Account Manager\Accounts]
- [HKCU\Identities\{1BC91121-7903-48EE-BF78-1BC7CA4B5761}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts]
- [HKCU\Software\Microsoft\MSNMessenger]
- [HKCU\Software\Yahoo\Pager]
- [HKCU\Software\Microsoft\IdentityCRL]
- [HKCU\Software\Microsoft\Windows Live Mail]
- %HOMEPATH%\833wt96ws37r\rdefojyunhha.add
- %TEMP%\etilqs_engykrkortu7n5r
- %TEMP%\etilqs_dmirtq0bkfdleek
- %TEMP%\etilqs_nlw9lgpwacalitn
- %TEMP%\etilqs_fo0ywztokuk6zbb
- %TEMP%\etilqs_zdlikx8mugacepg
- %TEMP%\etilqs_jd9ixfitnvqjayc
- %TEMP%\etilqs_adzqluhs7ffpqst
- %TEMP%\etilqs_okbbcr9sdabftwv
- %TEMP%\etilqs_evrpbleh0jpxi5o
- %TEMP%\etilqs_7qfiu1ayhcxaoak
- %TEMP%\logff.txt
- %HOMEPATH%\833wt96ws37r\run.vbs
- %HOMEPATH%\833wt96ws37r\47897.vbs
- %HOMEPATH%\833wt96ws37r\42662.cmd
- %HOMEPATH%\833wt96ws37r\fyantm.lvx
- %HOMEPATH%\833wt96ws37r\oclj.dez
- %HOMEPATH%\833wt96ws37r\update.exe
- %TEMP%\9dfe.tmp
- %TEMP%\9dfd.tmp
- %HOMEPATH%\833wt96ws37r\rdefojyunhha.add
- %HOMEPATH%\833wt96ws37r\update.exe
- %HOMEPATH%\833wt96ws37r\oclj.dez
- %HOMEPATH%\833wt96ws37r\fyantm.lvx
- %HOMEPATH%\833wt96ws37r\47897.vbs
- %HOMEPATH%\833wt96ws37r\42662.cmd
- %TEMP%\logff.txt
- %TEMP%\9dfd.tmp
- %TEMP%\9dfe.tmp
- 'smtp.yandex.ru':587
- 'ro###.ebay.com':80
- 'do#####d3.operacdn.com':443
- 'ya###.opera.com':80
- 'fa###ook.com':443
- 'fa###ook.com':80
- 'si#####ck2.opera.com':80
- 'my#p.ru':443
- 're###.opera.com':80
- 'my#p.ru':80
- 'ro###.ebay.com':443
- 'en.###ipedia.org':443
- 'en.###ipedia.org':80
- 'se####.yahoo.com':443
- 'bing.com':80
- 'am##on.com':80
- 'du###uckgo.com':443
- 'se####.yahoo.com':80
- 'google.com':80
- 'au######te.geo.opera.com':443
- 'au######te.geo.opera.com':80
- 'am##on.com':443
- 'sd#####es.operacdn.com':443
- http://au######te.geo.opera.com/geolocation/
- http://re###.opera.com/speeddials/partner/product
- http://re###.opera.com/speeddials/partner/booking_com_us
- http://re###.opera.com/speeddials/partner/twitter_us
- http://re###.opera.com/speeddials/partner/yahoo
- http://ro###.ebay.com/rover/1/711-53200-19255-0/1?ic###########################################################################################################################
- http://re###.opera.com/speeddials/partner/ebay_us
- http://www.am##on.com/?ta#########################
- http://re###.opera.com/speeddials/partner/amazon_us
- http://ya###.opera.com/favicon.ico
- http://re###.opera.com/favicon.ico
- http://www.fa###ook.com/
- http://re###.opera.com/speeddials/partner/facebook
- http://si#####ck2.opera.com/?ho################################################
- http://si#####ck2.opera.com/?ho###################################################
- http://re###.opera.com/www.opera.com/firstrun/
- http://www.my#p.ru/en-EN/index.php
- http://en.###ipedia.org/favicon.ico
- http://www.bing.com/s/a/bing_p.ico
- http://www.am##on.com/favicon.ico
- http://se####.yahoo.com/favicon.ico
- http://www.google.com/favicon.ico
- http://re###.opera.com/speeddials/partner/youtube
- http://re###.opera.com/speeddials/partner/wikipedia_org_us
- 'smtp.yandex.ru':587
- 'au######te.geo.opera.com':443
- 'du###uckgo.com':443
- 'se####.yahoo.com':443
- 'am##on.com':443
- 'en.###ipedia.org':443
- 'my#p.ru':443
- 'fa###ook.com':443
- 'ya###.opera.com':443
- 'do#####d3.operacdn.com':443
- 'ro###.ebay.com':443
- 'sd#####es.operacdn.com':443
- DNS ASK smtp.yandex.ru
- DNS ASK eb##.pro
- DNS ASK do#####d3.operacdn.com
- DNS ASK op##a.com
- DNS ASK ya###.opera.com
- DNS ASK fa###ook.com
- DNS ASK si#####ck2.opera.com
- DNS ASK re###.opera.com
- DNS ASK ro###.ebay.com
- DNS ASK my#p.ru
- DNS ASK bing.com
- DNS ASK bi##.#ikimedia.org
- DNS ASK am##on.com
- DNS ASK du###uckgo.com
- DNS ASK se####.yahoo.com
- DNS ASK au######te.geo.opera.com
- DNS ASK google.com
- DNS ASK en.###ipedia.org
- DNS ASK sd#####es.operacdn.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Opera Software\Opera Stable'
- '%HOMEPATH%\833wt96ws37r\update.exe' OCLj.DEZ
- '%WINDIR%\syswow64\cmd.exe' /c copy /z "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe'
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.11.1030857042\460629979" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.10.1645078528\1964561896" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.9.1843736704\1659525419" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.8.1069012383\780790259" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' --type=utility --channel="276.4.2091457281\1466233243" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001 /crash-reporter-parent-id=500
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logmail.txt
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.7.1431069204\277472068" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.6.250066498\1937224209" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.12.1704145673\1303368615" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.5.1811142028\1065819292" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --extension-process --enable-we...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=en-US --enable-proprietary-media-types-playback --disable-client-side-phishing-...
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=gpu-process --channel="276.0.1738812433\779659175" --enable-proprietary-media-types-playback --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,19,42 --gpu-vendor-id=0x0000 --gpu-...
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\logff.txt
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera_crashreporter.exe' -noautoupdate --ran-launcher -- http://www.ebis.pro/images/invoice_img.png /crash-reporter-parent-id=276
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' -noautoupdate --ran-launcher -- http://www.ebis.pro/images/invoice_img.png
- '%ProgramFiles(x86)%\opera\launcher.exe' -noautoupdate -- "http://www.ebis.pro/images/invoice_img.png"
- '%WINDIR%\syswow64\cmd.exe' /c copy /z "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe"
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.4.2091457281\1466233243" --lang=en-US --no-sandbox --enable-proprietary-media-types-playback /prefetch:-645351001
- '%ProgramFiles(x86)%\opera\29.0.1795.47\opera.exe' --type=utility --channel="276.15.45228881\1412930970" --lang=en-US --enable-proprietary-media-types-playback --ignored=" --type=renderer " /prefetch:-645351001