choozn
20 June 2019 11:37
1
I think that this one is a Scam… Please take a look at it and downvote it at VirusTotal
https://www.onesafe-software.com/de/cleaner/LP13.php?tracking=UTL_DE_PP_CLDEAL_OSPCC&campaignid=CLDEAL&clickid=005c9852d0364d0f8ca86a84bc192e04b2e8&filter=16056&keyword=
https://www.virustotal.com/gui/url/7c07a19502c75793248529eb3b678d082838b9f877208b1cb8b925d8bb7faaaa/detection
yannic
6 September 2019 15:18
2
Main object - “https://www.onesafe-software.com/de/cleaner/LP13.php?tracking=UTL_DE_PP_CLDEAL_OSPCC&campaignid=CLDEAL&clickid=005c9852d0364d0f8ca86a84bc192e04b2e8&filter=16056&keyword=”
url https://www.onesafe-software.com/de/cleaner/LP13.php?tracking=UTL_DE_PP_CLDEAL_OSPCC&campaignid=CLDEAL&clickid=005c9852d0364d0f8ca86a84bc192e04b2e8&filter=16056&keyword=
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\OneSafe_PC_Cleaner[1].exe 83dda10730255f3bb811d39c747281e6fb00cbb648c95212fcc4c4814232ff89
sha256 C:\Users\admin\AppData\Local\Temp\is-PUFQN.tmp\OneSafe_PC_Cleaner[1].tmp 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
sha256 C:\Program Files\OneSafe PC Cleaner\unins000.exe cf584d62089672fa6e5d9e8c314ae3d99866aebc6958a2f5c86694ad253136eb
sha256 C:\Program Files\OneSafe PC Cleaner\OneSafePCCleaner.exe cb2b98c829c1cdebddbc3afefb5e8c6702b60ee286dfd26308b0fc79ca4e0bde
sha256 C:\Program Files\OneSafe PC Cleaner\OSPCNotifications.exe a7ea048e15b00d5f7ed760eb5ba8dd8a034e31e0c0953ae17f5b2da81a5b38c0
sha256 C:\Program Files\OneSafe PC Cleaner\sqlite3.dll 0e86808f00e264b62f7fcdf6d8e8044655eb5c5056088b889af467b7cf3a8f96
DNS requests
Connections
HTTP/HTTPS requests
url http://stats.smartpctools.com/si?p=OneSafe_PC_Cleaner_ML&b=6.9.9&c=Aug2019
url http://dev.techsupport.smartpcupdate.com/build/ONESAFE/OneSafe_PC_Cleaner_ML
It is, it makes all these connections.