Technical Information
Process command lines recorded:
- '%WINDIR%\explorer.exe' /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
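- '%WINDIR%\explorer.exe' /s , "http://www.he##123.net/"
File paths recorded (this extract does not state the operation performed on each path; some paths appear more than once):
- <APATH_ALLOC_DIR>\0314_017F0000_19.ndmp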
- <APATH_ALLOC_DIR>\0314_01300000_18.ndmp
- <APATH_ALLOC_DIR>\0314_012C0000_17.ndmp
- <APATH_ALLOC_DIR>\0314_01BB0000_20.ndmp
- <APATH_ALLOC_DIR>\0314_01F00000_23.ndmp
- <APATH_ALLOC_DIR>\0314_01EC0000_22.ndmp
- <APATH_ALLOC_DIR>\0314_01DB0000_21.ndmp
- <APATH_ALLOC_DIR>\0314_00610000_16.ndmp
- <APATH_ALLOC_DIR>\0314_00530000_11.ndmp
- <APATH_ALLOC_DIR>\0314_00410000_10.ndmp
- <APATH_ALLOC_DIR>\0314_003B0000_9.ndmp
- <APATH_ALLOC_DIR>\0314_00540000_12.ndmp
- <APATH_ALLOC_DIR>\0314_00600000_15.ndmp
- <APATH_ALLOC_DIR>\0314_00590000_14.ndmp
- <APATH_ALLOC_DIR>\0314_00550000_13.ndmp
- <APATH_ALLOC_DIR>\0314_7FFDE000_34.ndmp
- <APATH_ALLOC_DIR>\0314_7FFDD000_33.ndmp
- <APATH_ALLOC_DIR>\0314_7FFDC000_32.ndmp
- <APATH_ALLOC_DIR>\0314_7FFDF000_35.ndmp
- %TEMP%\etilqs_HnVNzS9BbOf73L1
- %TEMP%\etilqs_IalcMpn9WWsXl0E
- <APATH_ALLOC_DIR>\0314_7FFE0000_36.ndmp
- <APATH_ALLOC_DIR>\0314_7FFDB000_31.ndmp
- <APATH_ALLOC_DIR>\0314_02200000_26.ndmp
- <APATH_ALLOC_DIR>\0314_02100000_25.ndmp
- <APATH_ALLOC_DIR>\0314_02000000_24.ndmp
- <APATH_ALLOC_DIR>\0314_77990000_27.ndmp
- <APATH_ALLOC_DIR>\0314_7FFDA000_30.ndmp
- <APATH_ALLOC_DIR>\0314_7FFB0000_29.ndmp
- <APATH_ALLOC_DIR>\0314_7F6F0000_28.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2486.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\238B.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\20AB.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\25FF.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\28C3.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2805.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2739.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\1BDA.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %TEMP%\etilqs_hI59gRnGStwbz4X
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- <APATH_ALLOC_DIR>\0314_00140000_4.ndmp
- <APATH_ALLOC_DIR>\0314_00130000_3.ndmp
- <APATH_ALLOC_DIR>\0314_00030000_2.ndmp
- <APATH_ALLOC_DIR>\0314_00150000_5.ndmp
- <APATH_ALLOC_DIR>\0314_002B0000_8.ndmp
- <APATH_ALLOC_DIR>\0314_00290000_7.ndmp
- <APATH_ALLOC_DIR>\0314_001C0000_6.ndmp
- <APATH_ALLOC_DIR>\0314_00020000_1.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\HKKQV00OOA2YWXSYEBK7.temp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- <APATH_ALLOC_DIR>\0314_00010000_0.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\27F5.tmp~RFc28a5.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2728.tmp~RFc27ab.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\28C2.tmp~RFc2922.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFc3024.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2571.tmp~RFc271f.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RFbfb01.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\1B7B.tmp~RFc20f7.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2447.tmp~RFc255b.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\22AF.tmp~RFc2432.TMP
File moves/renames recorded (source path to destination path):
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2805.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\27F5.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\27F5.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\27F5.tmp~RFc28a5.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2728.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2728.tmp~RFc27ab.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2571.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2571.tmp~RFc271f.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2739.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2728.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\28C3.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\28C2.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFc3024.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\28C2.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\28C2.tmp~RFc2922.TMP
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\HKKQV00OOA2YWXSYEBK7.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\1BDA.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\1B7B.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\1B7B.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\1B7B.tmp~RFc20f7.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RFbfb01.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\20AB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2447.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2447.tmp~RFc255b.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\25FF.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2571.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2486.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\2447.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\238B.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\22AF.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\22AF.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\22AF.tmp~RFc2432.TMP
DNS queries recorded (host names are partially masked with '#' as published):
- DNS ASK bi##.#ikimedia.org
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK sl####i.yandex.ru
- DNS ASK au######te.geo.opera.com
- DNS ASK en.###ipedia.org
- DNS ASK re###.opera.com
- DNS ASK k.###inming.com
- DNS ASK www.ic#.com
- DNS ASK www.google.com
- DNS ASK k.####uogeng.com
- DNS ASK www.he##123.net
- DNS ASK i.##0.ru
- DNS ASK www.go##le.ru
- DNS ASK si#####ck2.opera.com
Window class name / window name pairs recorded:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'