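Техническая информация

Примечание: заголовки разделов на этой странице, по-видимому, потеряны при извлечении текста, поэтому списки ниже идут подряд. По виду записей различаются: командные строки запущенных процессов; пути к затронутым файлам (какие из них созданы, а какие удалены, по самому списку определить нельзя — некоторые пути встречаются дважды); пары «A в B» — по-видимому, перемещение или переименование файла A в B; сетевые подключения вида 'узел':порт; адреса, запрошенные, предположительно, по HTTP; DNS-запросы (DNS ASK); записи ClassName/WindowName — вероятно, окна, которые ищет образец.

Символы «#» в именах узлов и адресах — по-видимому, маскировка, применённая в самом отчёте: такие записи нельзя использовать как точные индикаторы компрометации, их нужно сверять с полным отчётом. Имя conhost.exe в сочетании с параметрами, характерными для процессов браузера (--type=renderer, --channel=…), нетипично для консольного хоста; по этому списку нельзя определить, подмена ли это имени процесса или особенность записи отчёта.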
- '<SYSTEM32>\conhost.exe' --type=utility --channel="1024.9.1903464351\2036825143" --lang=en-US --with-feature:enhanced-autofill --ignored=" --type=renderer " /prefetch:-645351001
- '<SYSTEM32>\conhost.exe' /C copy /b "%TEMP%\nsdC2E2.tmp\" + "<SYSTEM32>\ieframe.dll" "%TEMP%\nsdC2E2.tmp\"
- '<SYSTEM32>\conhost.exe' --type=utility --channel="1024.7.1518552232\563571214" --lang=en-US --with-feature:enhanced-autofill --ignored=" --type=renderer " /prefetch:-645351001
- '<SYSTEM32>\conhost.exe' --type=renderer --disable-direct-npapi-requests --lang=en-US --disable-client-side-phishing-detection --with-feature:enhanced-autofill --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="1024.4.506239748\441757496" /prefetch:673131151
- '<SYSTEM32>\conhost.exe' /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F895.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\7937.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FB36.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FDD9.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FCCE.tmp
- %TEMP%\etilqs_s27nXAcy9LYd7xO
- %HOMEPATH%\Downloads\3C94.tmp
- %TEMP%\etilqs_9q5b3UwVTG43cHy
- %HOMEPATH%\Downloads\en:Zone.Identifier
- %HOMEPATH%\Downloads\20.jpg:Zone.Identifier
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- %TEMP%\etilqs_kX1oJdjAf1QQX72
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FF92.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FE58.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\20.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWE4YSTO4BKMGM4XVDIF.temp
- %HOMEPATH%\Downloads\318C.tmp
- %PROGRAM_FILES%\SetupSoft\Uninstall.exe
- %TEMP%\nsdC2E2.tmp\i.rar
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SetupSoft\uninst.lnk
- %TEMP%\nsdC2E2.tmp\4.ico
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Rhj55aT[1]
- %TEMP%\nsdC2E2.tmp\2.ico
- %TEMP%\nsdC2E2.tmp\System.dll
- %TEMP%\nsdC2E2.tmp\nsProcess.dll
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\iplookup[1].php
- %TEMP%\nsdC2E2.tmp\Inetc.dll
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %APPDATA%\Roaming\Opera Software\Opera Stable\405.tmp
- %TEMP%\etilqs_TzNVcyqGqr2SHdS
- %TEMP%\nsdC2E2.tmp\ExecCmd.dll
- %HOMEPATH%\Desktop\Intrenet Explorer.lnk
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FF72.tmp~RF9fff0.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FE47.tmp~RF9ff16.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\10.tmp~RFa008c.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFa0962.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FDC8.tmp~RF9fe1c.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF7dd63.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F827.tmp~RF9f95b.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FC40.tmp~RF9fd32.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FB16.tmp~RF9fbcb.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FE58.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FE47.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FE47.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FE47.tmp~RF9ff16.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FF92.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FF72.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FC40.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FC40.tmp~RF9fd32.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FDD9.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FDC8.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FDC8.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FDC8.tmp~RF9fe1c.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FF72.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FF72.tmp~RF9fff0.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RFa0962.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\20.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\10.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\10.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\10.tmp~RFa008c.TMP
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\XWE4YSTO4BKMGM4XVDIF.temp в %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FCCE.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FC40.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\405.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- %HOMEPATH%\Downloads\318C.tmp в %HOMEPATH%\Downloads\20.jpg.opdownload
- %HOMEPATH%\Downloads\3C94.tmp в %HOMEPATH%\Downloads\en.opdownload
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF7dd63.TMP
- %HOMEPATH%\Downloads\20.jpg.opdownload в %HOMEPATH%\Downloads\20.jpg
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F827.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F827.tmp~RF9f95b.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FB36.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FB16.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FB16.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\FB16.tmp~RF9fbcb.TMP
- %HOMEPATH%\Downloads\en.opdownload в %HOMEPATH%\Downloads\en
- %APPDATA%\Roaming\Opera Software\Opera Stable\7937.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F895.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F827.tmp
- 'bi##.#ikimedia.org':80
- 'i.##0.ru':80
- '93.##8.134.11':80
- 'ap#.###sys.opera.com':443
- 'au######te.geo.opera.com':443
- 'www.go##le.ru':80
- 't.#n':80
- 'in#.###ol.sina.com.cn':80
- 'www.ic#.com':80
- 'f.####anxinyuan.com':80
- 'si#####ck2.opera.com':80
- bi##.#ikimedia.org/favicon/wikipedia.ico
- i.##0.ru/2011/icons/rambler.ico
- 93.##8.134.11/favicon.ico
- www.ic#.com/en
- f.####anxinyuan.com/<Служебное имя>.exe/20.jpg
- t.#n/Rhj55aT
- in#.###ol.sina.com.cn/iplookup/iplookup.php
- si#####ck2.opera.com/?ho###############################################
- www.go##le.ru/favicon.ico
- si#####ck2.opera.com/?ho#########################################################
- DNS ASK sl####i.yandex.ru
- DNS ASK bi##.#ikimedia.org
- DNS ASK i.##0.ru
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK au######te.geo.opera.com
- DNS ASK www.go##le.ru
- DNS ASK www.google.com
- DNS ASK t.#n
- DNS ASK in#.###ol.sina.com.cn
- DNS ASK f.####anxinyuan.com
- DNS ASK si#####ck2.opera.com
- DNS ASK www.ic#.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'