Техническая информация
- '%WINDIR%\explorer.exe' /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- '%WINDIR%\explorer.exe' /s , "http://www.he##123.net/"
- <APATH_ALLOC_DIR>\088C_01CE0000_20.ndmp
- <APATH_ALLOC_DIR>\088C_01BB0000_19.ndmp
- <APATH_ALLOC_DIR>\088C_01B70000_18.ndmp
- <APATH_ALLOC_DIR>\088C_01D80000_21.ndmp
- <APATH_ALLOC_DIR>\088C_01FF0000_24.ndmp
- <APATH_ALLOC_DIR>\088C_01EF0000_23.ndmp
- <APATH_ALLOC_DIR>\088C_01EB0000_22.ndmp
- <APATH_ALLOC_DIR>\088C_01A10000_17.ndmp
- <APATH_ALLOC_DIR>\088C_00370000_12.ndmp
- <APATH_ALLOC_DIR>\088C_00360000_11.ndmp
- <APATH_ALLOC_DIR>\088C_00350000_10.ndmp
- <APATH_ALLOC_DIR>\088C_00410000_13.ndmp
- <APATH_ALLOC_DIR>\088C_01740000_16.ndmp
- <APATH_ALLOC_DIR>\088C_005F0000_15.ndmp
- <APATH_ALLOC_DIR>\088C_004E0000_14.ndmp
- <APATH_ALLOC_DIR>\088C_7FFDF000_35.ndmp
- <APATH_ALLOC_DIR>\088C_7FFDE000_34.ndmp
- <APATH_ALLOC_DIR>\088C_7FFDD000_33.ndmp
- <APATH_ALLOC_DIR>\088C_7FFE0000_36.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\3429.tmp
- %TEMP%\etilqs_VwnWPL3YqeAnec6
- %TEMP%\etilqs_M0VbkNOAlJWWbhi
- <APATH_ALLOC_DIR>\088C_7FFDC000_32.ndmp
- <APATH_ALLOC_DIR>\088C_77CD0000_27.ndmp
- <APATH_ALLOC_DIR>\088C_021F0000_26.ndmp
- <APATH_ALLOC_DIR>\088C_020F0000_25.ndmp
- <APATH_ALLOC_DIR>\088C_7F6F0000_28.ndmp
- <APATH_ALLOC_DIR>\088C_7FFDB000_31.ndmp
- <APATH_ALLOC_DIR>\088C_7FFDA000_30.ndmp
- <APATH_ALLOC_DIR>\088C_7FFB0000_29.ndmp
- <APATH_ALLOC_DIR>\088C_00340000_9.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\65D.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\542.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\456.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\797.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\P6U39ZDRE31AQAMJIS5G.temp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\8C3.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\854.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\3F7.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %TEMP%\etilqs_PpkUOG4T3DqnciJ
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- <APATH_ALLOC_DIR>\088C_00140000_4.ndmp
- <APATH_ALLOC_DIR>\088C_00130000_3.ndmp
- <APATH_ALLOC_DIR>\088C_00030000_2.ndmp
- <APATH_ALLOC_DIR>\088C_00150000_5.ndmp
- <APATH_ALLOC_DIR>\088C_001F0000_8.ndmp
- <APATH_ALLOC_DIR>\088C_001D0000_7.ndmp
- <APATH_ALLOC_DIR>\088C_001C0000_6.ndmp
- <APATH_ALLOC_DIR>\088C_00020000_1.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- <APATH_ALLOC_DIR>\088C_00010000_0.ndmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\1C44.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\7E6.tmp~RF70888.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\786.tmp~RF707ad.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\894.tmp~RF70924.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RF70c7e.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\60E.tmp~RF70721.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF6f372.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\3D6.tmp~RF70424.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\503.tmp~RF705aa.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\436.tmp~RF70463.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\8C3.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\894.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\894.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\894.tmp~RF70924.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\7E6.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\7E6.tmp~RF70888.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\786.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\786.tmp~RF707ad.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\854.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\7E6.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\P6U39ZDRE31AQAMJIS5G.temp в %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- %APPDATA%\Roaming\Opera Software\Opera Stable\1C44.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- %APPDATA%\Roaming\Opera Software\Opera Stable\3429.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RF70c7e.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\797.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\786.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\3F7.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\3D6.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\3D6.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\3D6.tmp~RF70424.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF6f372.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\456.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\436.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\65D.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\60E.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\60E.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\60E.tmp~RF70721.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\503.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\503.tmp~RF705aa.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\436.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\436.tmp~RF70463.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\542.tmp в %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\503.tmp
- DNS ASK bi##.#ikimedia.org
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK sl####i.yandex.ru
- DNS ASK au######te.geo.opera.com
- DNS ASK en.###ipedia.org
- DNS ASK re###.opera.com
- DNS ASK k.###inming.com
- DNS ASK www.he##123.net
- DNS ASK www.google.com
- DNS ASK k.####uogeng.com
- DNS ASK www.ic#.com
- DNS ASK www.go##le.ru
- DNS ASK i.##0.ru
- DNS ASK si#####ck2.opera.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'