Technical Information
- ClassName: 'OLLYDBG', WindowName: ''
- %APPDATA%\microsoft\windows\templates\servicemicrosoftqr\rnvbz(.exe)\11.21.12.412\xsandbox.bin.__tmp__
- %TEMP%\spoon\cache\0xb07d8a07b064469a\sxs\manifests\vbn.exe_0x738cd445c678fecdd1698b6ad2501d53.1.manifest.__tmp__
- %TEMP%\spoon\cache\0xb07d8a07b064469a\sxs\vbn.exe\vbn.exe.manifest.__tmp__
- %APPDATA%\teamviewer\02-10-2020
- from %APPDATA%\microsoft\windows\templates\servicemicrosoftqr\rnvbz(.exe)\11.21.12.412\xsandbox.bin.__tmp__ to %APPDATA%\microsoft\windows\templates\servicemicrosoftqr\rnvbz(.exe)\11.21.12.412\xsandbox.bin
- from %TEMP%\spoon\cache\0xb07d8a07b064469a\sxs\manifests\vbn.exe_0x738cd445c678fecdd1698b6ad2501d53.1.manifest.__tmp__ to %TEMP%\spoon\cache\0xb07d8a07b064469a\sxs\manifests\vbn.exe_0x738cd445c678fecdd1698b6ad2501d53.1.manifest
- from %TEMP%\spoon\cache\0xb07d8a07b064469a\sxs\vbn.exe\vbn.exe.manifest.__tmp__ to %TEMP%\spoon\cache\0xb07d8a07b064469a\sxs\vbn.exe\vbn.exe.manifest
- '18#.#03.240.187':4673
- http://ip##pi.com/json/
- DNS ASK ip##pi.com