Technical Information
- '<SYSTEM32>\DllHost.exe' --pid=0x94c --log --managed
- '<SYSTEM32>\DllHost.exe' 0x88c cmd.exe
- '<SYSTEM32>\DllHost.exe' /C copy /b "%TEMP%\nsu30FF.tmp\" + "<SYSTEM32>\ieframe.dll" "%TEMP%\nsu30FF.tmp\"
- '<SYSTEM32>\conhost.exe' --type=utility --channel="1400.6.471646872\2010910020" --lang=en-US --with-feature:enhanced-autofill --ignored=" --type=renderer " /prefetch:-645351001
- '<SYSTEM32>\conhost.exe' /C copy /b "%TEMP%\nsu30FF.tmp\" + "<SYSTEM32>\ieframe.dll" "%TEMP%\nsu30FF.tmp\"
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\8CD.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\7A3.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\9D8.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CC9.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\B41.tmp
- %HOMEPATH%\Downloads\20.jpg:Zone.Identifier
- %TEMP%\etilqs_S8y7vtroHV1hYC7
- %HOMEPATH%\Downloads\CEE5.tmp
- %TEMP%\etilqs_FDKBLXkSlfY8H8F
- %HOMEPATH%\Downloads\en:Zone.Identifier
- <APATH_DUMPS_DIR>_net\CmdDotNetDumper.log
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\5B7A.tmp
- %TEMP%\etilqs_d0FR9fETKE5RD12
- <Auxiliary element>
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\E05.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D67.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\S6U1RS2HPU8WR6UTUJLF.temp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %TEMP%\nsu30FF.tmp\i.rar
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\iplookup[1].php
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\7185bdf1jw1ekl8sspnd6j20rs0hd428[1].jpg
- %HOMEPATH%\Desktop\Intrenet Explorer.lnk
- %TEMP%\nsu30FF.tmp\3.jpg
- %TEMP%\nsu30FF.tmp\inetc.dll
- %PROGRAM_FILES%\SetupInstall\Uninstall.exe
- %TEMP%\nsu30FF.tmp\System.dll
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SetupInstall\uninst.lnk
- %TEMP%\nsu30FF.tmp\nsProcess.dll
- %TEMP%\nsu30FF.tmp\1.jpg
- %TEMP%\etilqs_3f33fV7mQdZ4fZ2
- %APPDATA%\Roaming\Opera Software\Opera Stable\99EE.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %HOMEPATH%\Downloads\CC55.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\C909.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %TEMP%\nsu30FF.tmp\ExecCmd.dll
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D57.tmp~RFe0d87.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CB9.tmp~RFe0ceb.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\B31.tmp~RFe0bd2.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFe19f5.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\DC6.tmp~RFe0ede.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences~RFccb69.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RFc7252.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\9B8.tmp~RFe0aaa.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\89D.tmp~RFe0981.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\735.tmp~RFe0859.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CB9.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CB9.tmp~RFe0ceb.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D67.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D57.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D57.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D57.tmp~RFe0d87.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CC9.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CB9.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\9B8.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\9B8.tmp~RFe0aaa.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\B41.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\B31.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\B31.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\B31.tmp~RFe0bd2.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFe19f5.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\5B7A.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\E05.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\DC6.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\DC6.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\DC6.tmp~RFe0ede.TMP
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\S6U1RS2HPU8WR6UTUJLF.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\9D8.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\9B8.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\C909.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences~RFccb69.TMP
- from %HOMEPATH%\Downloads\CC55.tmp to %HOMEPATH%\Downloads\en.opdownload
- from %APPDATA%\Roaming\Opera Software\Opera Stable\99EE.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RFc7252.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\735.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\735.tmp~RFe0859.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\8CD.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\89D.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\89D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\89D.tmp~RFe0981.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\7A3.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\735.tmp
- from %HOMEPATH%\Downloads\CEE5.tmp to %HOMEPATH%\Downloads\20.jpg.opdownload
- from %HOMEPATH%\Downloads\en.opdownload to %HOMEPATH%\Downloads\en
- from %HOMEPATH%\Downloads\20.jpg.opdownload to %HOMEPATH%\Downloads\20.jpg
- 'i.##0.ru':80
- 'bi##.#ikimedia.org':80
- '93.##8.134.11':80
- 'ap#.###sys.opera.com':443
- 'au######te.geo.opera.com':443
- 'www.go##le.ru':80
- 'ww#.#inaimg.cn':80
- 'in#.###ol.sina.com.cn':80
- 'si#####ck2.opera.com':80
- 'k.####hantea-tw.com':80
- 'www.ic#.com':80
- i.##0.ru/2011/icons/rambler.ico
- bi##.#ikimedia.org/favicon/wikipedia.ico
- 93.##8.134.11/favicon.ico
- www.ic#.com/en
- k.####hantea-tw.com/<Auxiliary name>.exe/20.jpg
- ww#.#inaimg.cn/large/7185bdf1jw1ekl8sspnd6j20rs0hd428.jpg
- in#.###ol.sina.com.cn/iplookup/iplookup.php
- si#####ck2.opera.com/?ho###############################################
- www.go##le.ru/favicon.ico
- si#####ck2.opera.com/?ho#######################################################
- DNS ASK sl####i.yandex.ru
- DNS ASK bi##.#ikimedia.org
- DNS ASK i.##0.ru
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK au######te.geo.opera.com
- DNS ASK www.go##le.ru
- DNS ASK www.google.com
- DNS ASK ww#.#inaimg.cn
- DNS ASK in#.###ol.sina.com.cn
- DNS ASK k.####hantea-tw.com
- DNS ASK www.ic#.com
- DNS ASK si#####ck2.opera.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'
- ClassName: 'CicLoaderWndClass' WindowName: ''