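Technical Information

Note: the section headings of the original report are not present in this copy. The entries below are, in order: executable paths and command lines, file-system paths (some appear more than once, so they probably come from several lists whose labels were lost), file moves written as "from ... to ...", DNS queries, and window class names. The "#" characters in hostnames appear to be masking applied by the publisher, so those names are not complete indicators.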
- '%WINDIR%\A23049FJOKJDS\AQ6MKMEYC8RGTC2.exe'
- '%WINDIR%\A23049FJOKJDS\ZVHNIIQVNTMYO8S.exe'
- '<SYSTEM32>\spynet\svchost.exe'
- '%TEMP%\Encryptado.exe'
- '%TEMP%\BFile1.exe'
- '%TEMP%\BFile2.exe'
- '<SYSTEM32>\conhost.exe' --type=utility --channel="700.6.1096548650\637351371" --lang=en-US --with-feature:enhanced-autofill --ignored=" --type=renderer " /prefetch:-645351001
- %WINDIR%\Explorer.EXE
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\ErrorPageTemplate[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %TEMP%\etilqs_d6wRIXipKie44tI
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\errorPageStrings[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\errorPageStrings[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D2F5.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D10F.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CEFB.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D400.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\P3SYJ9YDXWSMU2MD86TY.temp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\httpErrorPagesScripts[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\info_48[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\httpErrorPagesScripts[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\background_gradient[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\BEEB.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\info_48[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\bullet[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\background_gradient[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\background_gradient[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\info_48[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\info_48[1]
- %TEMP%\etilqs_ylhTjq0dyElI6Mg
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\bullet[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\bullet[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C9DA.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- <SYSTEM32>\spynet\svchost.exe
- %TEMP%\XxX.xXx
- %APPDATA%\Roaming\logs.dat
- %TEMP%\XX--XX--XX.txt
- %TEMP%\BFile2.exe
- %TEMP%\BFile1.exe
- %TEMP%\Encryptado.exe
- %WINDIR%\A23049FJOKJDS\AQ6MKMEYC8RGTC2.exe
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %WINDIR%\A23049FJOKJDS\ZVHNIIQVNTMYO8S.exe
- %TEMP%\UuU.uUu
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\httpErrorPagesScripts[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\httpErrorPagesScripts[1]
- %TEMP%\etilqs_eJS3FrTTfACv7px
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C91D.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C6AB.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\B377.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\ErrorPageTemplate[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\navcancl[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\ErrorPageTemplate[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\8B6D.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\errorPageStrings[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\errorPageStrings[1]
- %APPDATA%\Roaming\logs.dat
- <SYSTEM32>\spynet\svchost.exe
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D053.tmp~RF7d27a.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CECB.tmp~RF7d02a.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C98B.tmp~RF7cbb7.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D296.tmp~RF7d393.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RF7e159.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D3B1.tmp~RF7d50a.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C8FD.tmp~RF7c947.TMP
- %TEMP%\XX--XX--XX.txt
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF764ca.TMP
- %TEMP%\UuU.uUu
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C62D.tmp~RF7c85d.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences~RF7b856.TMP
- %TEMP%\XxX.xXx
File moves/renames (source to destination):
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D2F5.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D296.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D296.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D296.tmp~RF7d393.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D400.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D3B1.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CECB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CECB.tmp~RF7d02a.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D10F.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D053.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D053.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D053.tmp~RF7d27a.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RF7e159.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\BEEB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D3B1.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\D3B1.tmp~RF7d50a.TMP
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\P3SYJ9YDXWSMU2MD86TY.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CEFB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\CECB.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\8B6D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\B377.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences~RF7b856.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF764ca.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C8FD.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C8FD.tmp~RF7c947.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C9DA.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C98B.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C98B.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C98B.tmp~RF7cbb7.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C6AB.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C62D.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C62D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C62D.tmp~RF7c85d.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C91D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\C8FD.tmp
DNS queries ("#" marks characters masked in the report):
- DNS ASK i.##0.ru
- DNS ASK bi##.#ikimedia.org
- DNS ASK ho#####acking.no-ip.biz
- DNS ASK www.go##le.ru
- DNS ASK sl####i.yandex.ru
- DNS ASK ap#.###sys.opera.com
- DNS ASK au######te.geo.opera.com
- DNS ASK re###.opera.com
- DNS ASK en.###ipedia.org
- DNS ASK www.fa###ook.com
- DNS ASK ga##bad.net
- DNS ASK rl####ers.com.br
- DNS ASK www.rl####ers.com.br
- DNS ASK www.re####asonline.org
- DNS ASK vi#####ornoadultos.net
- DNS ASK www.ic#.com
- DNS ASK si#####ck2.opera.com
- DNS ASK www.google.com
- DNS ASK dn#.##ftncsi.com
Windows referenced by class name and window title:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'