Technical Information
- %WINDIR%\explorer.exe
- firefox.exe
- firefox.exe process, nss3.dll module
- iexplore.exe process, wininet.dll module
- %WINDIR%\syswow64\autofmt.exe
- %TEMP%\9qtbr6m558
- %TEMP%\otoezenpoa
- %TEMP%\ipbyp.exe
- %TEMP%\ipbyp.exe
- 'og###iance.com':80
- http://www.og###iance.com/ai26/?2d####################################################################################
- DNS ASK og###iance.com
- '%TEMP%\ipbyp.exe' %TEMP%\otoezenpoa
- '%WINDIR%\syswow64\rundll32.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%TEMP%\ipbyp.exe"