Technical Information
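- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Win' = '%APPDATA%\Windows\RuntimeBroker.exe' (per-user autorun value, started at each logon of that user; the genuine RuntimeBroker.exe resides in %WINDIR%\System32, so a copy under %APPDATA% is not the Windows component)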
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\invision.exe
- %TEMP%\invisioninjection.exe
- %APPDATA%\windows\runtimebroker.exe
- 'ra#.####ubusercontent.com':443
- '31.##0.20.231':200
- 'ra#.####ubusercontent.com':443
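- DNS ASK ra#.####ubusercontent.com (DNS query; the '#' characters appear to be masking applied by the report, so this host name and the IP address listed above are partial values and cannot be used as exact-match indicators)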
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\invisioninjection.exe'
- '%TEMP%\invision.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'