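Technical Information
Note: the '#' characters in the host names and addresses below are masking placeholders, not literal characters, so these values cannot be used as exact-match indicators. The section headings are missing from this copy. Judging by the entries, the groups are, in order: files under %APPDATA%, hosts contacted on port 80, HTTP requests, DNS queries, and command lines executed. The file name in the first entry is also missing. The wpad.dat request looks like Windows proxy auto-discovery rather than a payload download; confirm before treating it as an indicator.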
- '' (downloaded from the Internet)
- %APPDATA%\hcaiqpmwm3n.exe
- %APPDATA%\lktob1mhngk.exe
- %APPDATA%\c.exe
- %APPDATA%\OneSystemCare.exe
- %APPDATA%\linker.exe
- 'fa####msungus.com':80
- 'ad###cedtop.pw':80
- 'do#####d.12drones.com':80
- 'wp#d':80
- 'vd.####ystemhost.net':80
- 'in#####.rgbcjfir.com':80
- http://fa####msungus.com/c.exe
- http://www.ad###cedtop.pw/advanced_3.0.exe via ad###cedtop.pw
- http://do#####d.12drones.com/chann5cn2103227/LaCiePrivatePublic_Setup.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- http://vd.####ystemhost.net/331003050/OneSystemCare.exe
- http://in#####.rgbcjfir.com/download/APSFWemonetize
- DNS ASK fa####msungus.com
- DNS ASK www.ad###cedtop.pw
- DNS ASK do#####d.12drones.com
- DNS ASK wp#d
- DNS ASK vd.####ystemhost.net
- DNS ASK in#####.rgbcjfir.com
- '%APPDATA%\hcaiqpmwm3n.exe'
- '%APPDATA%\lktob1mhngk.exe'
- '%APPDATA%\c.exe' /16
- '%APPDATA%\OneSystemCare.exe' /S
- '%APPDATA%\linker.exe' {"packer":{"DistributerName":"APSFWemonetize","ChannelId":"4"},"Agent":{"SetAll":"true"}}