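Technical Information
Note: the section headings of the original report are missing from this listing. Judging from the entries themselves, the items appear to be, in order: executables started from the %TEMP%\nsyC9A6.tmp directory (with command lines), file-system paths touched, file renames ("from … to …"), contacted hosts with ports, requested URLs, DNS queries, and window class lookups. The `#` characters in host names and URLs look like masking applied by the report rather than part of the real names, so the masked strings cannot be used as exact-match indicators. The `copy /b` command line below appends `<SYSTEM32>\ieframe.dll` to a downloaded executable, so that file's hash on disk will not match the hash of the payload as downloaded.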
- '%TEMP%\nsyC9A6.tmp\F0916_s_30911.exe'
- '%TEMP%\nsyC9A6.tmp\OfficeAssist.0195.80.1056.exe'
- '%TEMP%\nsyC9A6.tmp\yx_dts.exe'
- '%TEMP%\nsyC9A6.tmp\setup_3386.exe'
- '%TEMP%\nsyC9A6.tmp\F0916_s_30911.exe' (downloaded from the Internet)
- '%TEMP%\nsyC9A6.tmp\OfficeAssist.0195.80.1056.exe' (downloaded from the Internet)
- '%TEMP%\nsyC9A6.tmp\setup_3386.exe' (downloaded from the Internet)
- '%TEMP%\nsyC9A6.tmp\yx_dts.exe' (downloaded from the Internet)
- '<SYSTEM32>\conhost.exe' /C copy /b "%TEMP%\nsyC9A6.tmp\F0916_s_30911.exe" + "<SYSTEM32>\ieframe.dll" "%TEMP%\nsyC9A6.tmp\F0916_s_30911.exe"
- '<SYSTEM32>\conhost.exe' /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- %TEMP%\nsyC9A6.tmp\ExecCmd.dll
- %TEMP%\etilqs_LdbxhQl7UygTTrj
- %TEMP%\etilqs_PPgmbDZ7YDMQ9IM
- %HOMEPATH%\Downloads\en:Zone.Identifier
- %HOMEPATH%\Downloads\40.html:Zone.Identifier
- <Auxiliary element>
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5A50.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5925.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\IJJU3P28UF6AXB0AOBIW.temp
- %APPDATA%\Roaming\Opera Software\Opera Stable\B4AF.tmp
- %TEMP%\nsyC9A6.tmp\G0828_s_70988.exe
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5085.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4F8A.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5133.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\57EB.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\572E.tmp
- %TEMP%\nsyC9A6.tmp\setup_3386.exe
- %TEMP%\nsyC9A6.tmp\4.ico
- %TEMP%\nsyC9A6.tmp\yx_dts.exe
- %HOMEPATH%\Desktop\Intrenet Explorer.lnk
- %TEMP%\nsyC9A6.tmp\OfficeAssist.0195.80.1056.exe
- %TEMP%\nsyC9A6.tmp\System.dll
- %TEMP%\nsjC996.tmp
- %TEMP%\nsyC9A6.tmp\2.ico
- %TEMP%\nsyC9A6.tmp\NSISdl.dll
- %TEMP%\nsyC9A6.tmp\nsProcess.dll
- %TEMP%\nsyC9A6.tmp\F0916_s_30911.exe
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %TEMP%\etilqs_VQ9Za4bxp2yOmis
- %APPDATA%\Roaming\Opera Software\Opera Stable\DDD0.tmp
- %HOMEPATH%\Downloads\123A.tmp
- %HOMEPATH%\Downloads\F1AF.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\571D.tmp~RFd57a1.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5122.tmp~RFd5179.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\57DB.tmp~RFd585c.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5A01.tmp~RFd5a5f.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5898.tmp~RFd5984.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5084.tmp~RFd50ed.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RFbb07a.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFd4401.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4F4A.tmp~RFd5012.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\572E.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\571D.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\571D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\571D.tmp~RFd57a1.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\57EB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\57DB.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5084.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5084.tmp~RFd50ed.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5133.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5122.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5122.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5122.tmp~RFd5179.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\57DB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\57DB.tmp~RFd585c.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5A01.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5A01.tmp~RFd5a5f.TMP
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\IJJU3P28UF6AXB0AOBIW.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- from %APPDATA%\Roaming\Opera Software\Opera Stable\B4AF.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5925.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5898.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5898.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5898.tmp~RFd5984.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5A50.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5A01.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5085.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\5084.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\DDD0.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %HOMEPATH%\Downloads\F1AF.tmp to %HOMEPATH%\Downloads\40.html.opdownload
- from %HOMEPATH%\Downloads\123A.tmp to %HOMEPATH%\Downloads\en.opdownload
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RFbb07a.TMP
- from %HOMEPATH%\Downloads\40.html.opdownload to %HOMEPATH%\Downloads\40.html
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFd4401.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4F8A.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4F4A.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4F4A.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\4F4A.tmp~RFd5012.TMP
- from %HOMEPATH%\Downloads\en.opdownload to %HOMEPATH%\Downloads\en
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- 'bi##.#ikimedia.org':80
- 'i.##0.ru':80
- '93.##8.134.11':80
- 'ap#.###sys.opera.com':443
- 'au######te.geo.opera.com':443
- 'www.ic#.com':80
- 'xn#######ik91bknc.xn--fiqs8s':80
- 'f.####anxinyuan.com':80
- 'www.go##le.ru':80
- 'si#####ck2.opera.com':80
- bi##.#ikimedia.org/favicon/wikipedia.ico
- i.##0.ru/2011/icons/rambler.ico
- www.go##le.ru/favicon.ico
- 93.##8.134.11/favicon.ico
- xn#######ik91bknc.xn--fiqs8s/G0828_s_70988.rar
- www.ic#.com/en
- f.####anxinyuan.com/<Auxiliary name>.exe/40.html
- xn#######ik91bknc.xn--fiqs8s/yx_dts.rar
- xn#######ik91bknc.xn--fiqs8s/setup_3386.rar
- xn#######ik91bknc.xn--fiqs8s/2.ico
- xn#######ik91bknc.xn--fiqs8s/OfficeAssist.0195.80.1056.rar
- si#####ck2.opera.com/?ho#########################################################
- si#####ck2.opera.com/?ho###############################################
- xn#######ik91bknc.xn--fiqs8s/F0916_s_30911.rar
- DNS ASK sl####i.yandex.ru
- DNS ASK bi##.#ikimedia.org
- DNS ASK i.##0.ru
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK au######te.geo.opera.com
- DNS ASK www.ic#.com
- DNS ASK www.google.com
- DNS ASK xn#######ik91bknc.xn--fiqs8s
- DNS ASK www.go##le.ru
- DNS ASK si#####ck2.opera.com
- DNS ASK f.####anxinyuan.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'