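Technical Information
(Note: the section headings of the original report appear to be missing from this extract, which is probably why several entries below are listed more than once. The '#' characters in the host names are masking already present in the report; 'us.###tiso.cloud' is consistent with the host us.hostiso.cloud in the download URLs.)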
- https://us.hostiso.cloud/index.php/s/xfkjbapf5cctz4d/download as systemcachefiles.exe
- https://us.hostiso.cloud/index.php/s/wqztoyyb4yok3z9/download as windowsconfig.exe
- %TEMP%\rarsfx0\install.exe
- %TEMP%\rarsfx0\installer.exe
- %TEMP%\d92f.tmp\d930.tmp\d931.bat
- %TEMP%\2683.tmp\2684.tmp\2695.bat
- %TEMP%\d92f.tmp\d930.tmp\d931.bat
- %TEMP%\2683.tmp\2684.tmp\2695.bat
- %TEMP%\rarsfx0\install.exe
- %TEMP%\rarsfx0\installer.exe
- 'us.###tiso.cloud':443
- 'us.##oudamo.com':443
- 'us.###tiso.cloud':443
- 'us.##oudamo.com':443
- DNS ASK us.###tiso.cloud
- DNS ASK us.##oudamo.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\install.exe'
- '%TEMP%\rarsfx0\installer.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\D92F.tmp\D930.tmp\D931.bat %TEMP%\RarSFX0\install.exe" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\2683.tmp\2684.tmp\2695.bat %TEMP%\RarSFX0\installer.exe" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\D92F.tmp\D930.tmp\D931.bat %TEMP%\RarSFX0\install.exe"
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\2683.tmp\2684.tmp\2695.bat %TEMP%\RarSFX0\installer.exe"