Technical Information
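- Persistence (per-user autorun Run key): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RuntimeBroker' = '<Full path to file>' (the value name matches a legitimate Windows process name, so check the path the value points to rather than the name)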
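- <Current directory>\rbpid.txt
- <Current directory>\svchost.exe
- <Current directory>\pid.txt
- <Current directory>\runtimebroker.exe
  (Note: svchost.exe and runtimebroker.exe are also the names of legitimate Windows binaries, which normally reside in %SystemRoot%\System32. The files listed here are in the sample's working directory, so the path is the distinguishing detail. The operation performed on each file is not stated on this page.)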
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012021060820210609\index.dat
- <Current directory>\rbpid.txt
- <Current directory>\svchost.exe
- <Current directory>\runtimebroker.exe
- <Current directory>\pid.txt
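- 'bi######inerpro.unaux.com':80
- 'google.com':80
  (Note: '#' is not a valid hostname character and appears to be masking of the published value, here and in the URLs and DNS entries below, so the hostname cannot be matched literally. google.com is a legitimate domain and is not an indicator on its own.)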
- http://bi######inerpro.unaux.com/px.gif?ch########################
- http://bi######inerpro.unaux.com/bmpvirus.php
- http://bi######inerpro.unaux.com/px.gif?ch#######################
- DNS ASK bi######inerpro.unaux.com
- DNS ASK google.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<Current directory>\svchost.exe' 1324