Technical Information
Autorun (persistence):
- [<HKCU>\software\microsoft\windows\currentversion\run] '{IX4BMXAD-443770-PD4ITD-PD4ITDHKMK}' = '"%TEMP%\Runtime Broker.exe" ...'
- %APPDATA%\microsoft\windows\start menu\programs\startup\{ix4bmxad-443770-pd4itd-pd4itdhkmk}.exe
Dropped files (both are given the 'hidden' attribute; note the space in 'runtime broker.exe', which imitates the legitimate RuntimeBroker.exe that lives in <SYSTEM32>):
- %TEMP%\runtime broker.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\{ix4bmxad-443770-pd4itd-pd4itdhkmk}.exe
Network activity (addresses are partially masked with '#' in the source):
Connects to:
- 'dp##te.com':443
- '92.##.199.157':3940
DNS lookups:
- dp##te.com
- ch######update.sytes.net (a No-IP dynamic DNS hostname, so the address it resolves to can change between samples)
Executes:
- '%TEMP%\runtime broker.exe'
- '<SYSTEM32>\cmd.exe' /k ping 0 & del "%TEMP%\Runtime Broker.exe" & exit (with hidden window)
- '<SYSTEM32>\ping.exe' 0
The cmd.exe line is a self-deletion routine: 'ping 0' is used as a cheap delay (four echo requests, roughly three seconds) so that the dropper in %TEMP% has exited before 'del' removes it, leaving only the hidden copy in the Startup folder and the Run key entry.
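The indicators above can be turned into hunting logic. The following Python scan is an added example and not part of the original report: it compiles the vendor-masked network indicators into patterns (assuming, as the page does not state, that each '#' hides exactly one character), and checks constructed event records (registry, file, process, DNS and connection events shaped like Sysmon output) for the Run-key-to-%TEMP% autorun, the GUID-named hidden Startup executable, the 'runtime broker.exe' masquerade, the 'ping 0 & del' self-deletion and the masked C2 addresses. The sample events, including the placeholder domain 'dpxxte.com' and placeholder address '92.10.199.157', are constructed for this example and are not the real masked values.

```python
from __future__ import annotations
import re
from typing import Iterable

# Indicators copied from the report. '#' is the vendor's masking character;
# this example ASSUMES each '#' hides exactly one character (the page does not say).
MASKED_DOMAINS = ["dp##te.com", "ch######update.sytes.net"]
MASKED_IPS = ["92.##.199.157"]
C2_PORTS = {443, 3940}

RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
STARTUP_SUFFIX = r"\microsoft\windows\start menu\programs\startup"
DROPPED_BASENAME = "runtime broker.exe"  # legitimate binary is RuntimeBroker.exe, no space
GUID_LIKE_EXE = re.compile(r"^\{[a-z0-9]+(?:-[a-z0-9]+){1,4}\}\.exe$", re.I)
# cmd.exe /k ping 0 & del "<path>" & exit : capture the file being self-deleted
SELF_DELETE = re.compile(r'ping\s+0\b.*?&\s*del\s+"?(?P<target>[^"&]+?)"?\s*(?:&|$)', re.I)


def masked_to_regex(ioc: str, wildcard: str = ".") -> re.Pattern:
    """Compile a masked indicator such as 'dp##te.com' to an anchored regex, one wildcard per '#'."""
    body = "".join(wildcard if c == "#" else re.escape(c) for c in ioc)
    return re.compile("^" + body + "$", re.I)


DOMAIN_RES = [masked_to_regex(d) for d in MASKED_DOMAINS]
IP_RES = [masked_to_regex(ip, r"\d") for ip in MASKED_IPS]  # masked octet digits only


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _dirname(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[0].lower()


def scan(events: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (rule_name, detail) pairs for every indicator matched in the event stream."""
    hits: list[tuple[str, str]] = []
    for ev in events:
        kind = ev["type"]
        if kind == "registry":
            key, data = ev["key"].lower(), ev["data"].lower()
            if key.endswith(RUN_KEY_SUFFIX) and ("%temp%" in data or "\\appdata\\local\\temp\\" in data):
                hits.append(("run_key_points_to_temp", f"{ev['value']} = {ev['data']}"))
        elif kind == "file":
            path = ev["path"]
            if _dirname(path).endswith(STARTUP_SUFFIX) and GUID_LIKE_EXE.match(_basename(path)):
                hits.append(("startup_guid_named_exe", path))
            if ev.get("hidden") and _basename(path).endswith(".exe"):
                hits.append(("hidden_attribute_on_exe", path))
        elif kind == "process":
            if _basename(ev["image"]) == "cmd.exe":
                m = SELF_DELETE.search(ev["cmdline"])
                if m:
                    hits.append(("cmd_ping_del_self_delete", m.group("target").strip()))
        elif kind == "dns":
            if any(r.match(ev["query"]) for r in DOMAIN_RES):
                hits.append(("masked_c2_domain", ev["query"]))
        elif kind == "connect":
            if ev.get("port") in C2_PORTS and any(r.match(ev["dst"]) for r in IP_RES):
                hits.append(("masked_c2_ip", f"{ev['dst']}:{ev['port']}"))
        # The masquerade check applies to any event carrying a file path or process image.
        p = ev.get("path") or ev.get("image")
        if p and _basename(p) == DROPPED_BASENAME:
            hits.append(("runtime_broker_masquerade", p))
    return hits


# Constructed sample events for this example (not taken from the report).
SAMPLE_EVENTS = [
    {"type": "registry", "key": r"HKCU\software\microsoft\windows\currentversion\run",
     "value": "{IX4BMXAD-443770-PD4ITD-PD4ITDHKMK}", "data": r'"%TEMP%\Runtime Broker.exe"'},
    {"type": "file", "hidden": True,
     "path": r"C:\Users\u\AppData\Roaming\microsoft\windows\start menu\programs\startup"
             r"\{ix4bmxad-443770-pd4itd-pd4itdhkmk}.exe"},
    {"type": "process", "image": r"C:\Users\u\AppData\Local\Temp\runtime broker.exe",
     "cmdline": '"runtime broker.exe"'},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /k ping 0 & del "%TEMP%\Runtime Broker.exe" & exit'},
    {"type": "dns", "query": "dpxxte.com"},                    # placeholder for the masked domain
    {"type": "connect", "dst": "92.10.199.157", "port": 3940},  # placeholder for the masked octet
    {"type": "process", "image": r"C:\Windows\System32\RuntimeBroker.exe",
     "cmdline": "RuntimeBroker.exe -Embedding"},                # legitimate, must not fire
]

if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Two design points: masked indicators are anchored regexes rather than substring checks, so 'dp##te.com' cannot match a longer unrelated name; and the masquerade rule keys on the space in 'runtime broker.exe', which the legitimate RuntimeBroker.exe never has, so it does not depend on the file's directory.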