Technical Information
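- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RuntimeBroker' = '<Full path to file>' (per-user autorun entry: the file is started at each logon of that user and needs no administrator rights to register; the value name matches the name of the legitimate Windows Runtime Broker process)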
- %WINDIR%\temp\rbpid.txt
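- <Current directory>\svchost.exe (this file name, like runtimebroker.exe below, is the name of a genuine Windows binary that normally runs from %WINDIR%\System32; an image with either name running from any other directory is a useful detection signal)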
- %WINDIR%\temp\svpid.txt
- <Current directory>\runtimebroker.exe
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012021060820210609\index.dat
- %WINDIR%\temp\rbpid.txt
- <Current directory>\svchost.exe
- <Current directory>\runtimebroker.exe
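- 'bi######inerpro.unaux.com':80 (the '#' characters here and in the URLs below appear to be masking applied by the report, not part of the real host name)
- 'google.com':80 (a benign, widely used host; not usable as an indicator on its own)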
- http://bi######inerpro.unaux.com/px.gif?ch#########################
- http://bi######inerpro.unaux.com/bmpvirus.php
- http://bi######inerpro.unaux.com/px.gif?ch########################
- DNS ASK bi######inerpro.unaux.com
- DNS ASK google.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<Current directory>\svchost.exe' 1928