Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '0C1CFAFA000D22079FF83D7DF875EF60' = '%ALLUSERSPROFILE%\0C1CFAFA000D22079FF83D7DF875EF60\0C1CFAFA000D22079FF83D7DF875EF60.exe'
- Windows Update
- Windows Security Center
- Windows Defender
- User Account Control (UAC)
- Windows Security Center
- Windows Action Center
- iexplore.exe
- %ALLUSERSPROFILE%\0c1cfafa000d22079ff83d7df875ef60\0c1cfafa000d22079ff83d7df875ef60.exe
- %ALLUSERSPROFILE%\0c1cfafa000d22079ff83d7df875ef60\0c1cfafa000d22079ff83d7df875ef60.ico
- '11#.#21.178.189':80
- http://11#.#21.178.189/api/urls/?ts#####################