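Technical Information
Note: '#' is not a valid character in a DNS name, so the '#' runs in the host names and URLs below appear to be masking applied by the report. Treat those entries as partial indicators; they cannot be matched literally.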
- '%TEMP%\Off OTv1GujOoCxo1a\310714_br.exe'
- '%TEMP%\Off OTv1GujOoCxo1a\271014_nj.exe'
- '%TEMP%\Off OTv1GujOoCxo1a\310714_o.exe'
- '%TEMP%\Off OTv1GujOoCxo1a\271014_nj.exe' (downloaded from the Internet)
- '%TEMP%\Off OTv1GujOoCxo1a\310714_o.exe' (downloaded from the Internet)
- '%TEMP%\Off OTv1GujOoCxo1a\310714_br.exe' (downloaded from the Internet)
- %TEMP%\Off OTv1GujOoCxo1a\310714_br.exe
- %TEMP%\Off OTv1GujOoCxo1a\271014_nj.exe
- %TEMP%\nsq3.tmp\nsWeb.dll
- %TEMP%\nsq2.tmp
- %TEMP%\nsq3.tmp\inetc.dll
- %TEMP%\Off OTv1GujOoCxo1a\310714_o.exe
- 'localhost':1040
- 'www.no##ake.me':80
- 'www.fi##treq.me':80
- 'www.2n###quest.me':80
- www.2n###quest.me/310714d/271014_nj.exe?rn#######
- www.no##ake.me/8HiaohS9X
- www.fi##treq.me/310714d/310714_o.exe
- www.2n###quest.me/310714d/310714_br.exe?rn#######
- DNS ASK www.no##ake.me
- DNS ASK www.2n###quest.me
- DNS ASK www.fi##treq.me
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''