Technical Information
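Autorun entry (a per-user Run value; the name 'Adobe ARM' is also the name used by Adobe's updater, but here the data points to an executable under %APPDATA%):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adobe ARM' = '"%APPDATA%\ifgxpers.exe"'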
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\lic[1].php
- %APPDATA%\sound.mp3
- C:\report.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\img[1].jpg
- %APPDATA%\ifgxpers.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mp3[1].mp3
- %APPDATA%\1.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\lic[1].php
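Network endpoints and requests (the '#' characters are not valid in a host name or IPv4 address, so these values appear to be partially masked in the report and cannot be used as exact-match indicators as written):
- 'ma####sha.tmweb.ru':80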
- 'localhost':1036
- '20#.#5.229.104':80
- ma####sha.tmweb.ru/usa/lic.php
- ma####sha.tmweb.ru/usa/upload/mp3.mp3
- ma####sha.tmweb.ru/usa/upload/img.jpg
- DNS ASK ma####sha.tmweb.ru
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''