Technical Information
- %TEMP%\tmpac07.tmp
- %TEMP%\tmpac18.tmp
- <Current directory>\killme.exe
- <Current directory>\ob.runner_v1_0.zip
- <Current directory>\ob.runner.exe
- %TEMP%\tmpac07.tmp
- %TEMP%\tmpac18.tmp
- 'ap#.#pify.org':443
- 'ro#######c.azurewebsites.net':80
- 'ro#########ers.blob.core.windows.net':443
- http://ro#######c.azurewebsites.net/Customer.svc/json/CheckAppMetaData
- 'ap#.#pify.org':443
- 'ro#########ers.blob.core.windows.net':443
- DNS ASK ap#.#pify.org
- DNS ASK ro#######c.azurewebsites.net
- DNS ASK ro#########ers.blob.core.windows.net
- '<Current directory>\killme.exe' <File name>.exe OB.Runner_V1_0.zip <Current directory>\
- '<Current directory>\killme.exe' <File name>.exe OB.Runner_V1_0.zip <Current directory>\' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""C:\\Windows\\SysWOW64\\CScript.exe" //U //NoLogo //E:vbscript "C:\\Users\\user\\AppData\\Local\\Temp\\tmpAC07.tmp" 2> "C:\\Users\\user\\AppData\\Local\\Temp\\tmpAC08.tmp" > "C:\\Users\\u...
- '%WINDIR%\syswow64\cscript.exe' //U //NoLogo //E:vbscript "C:\\Users\\user\\AppData\\Local\\Temp\\tmpAC07.tmp"