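Техническая информация
Примечание: символы «#» в IP-адресах и доменном имени ниже, по-видимому, заменяют знаки, скрытые источником, поэтому эти записи нельзя напрямую использовать как индикаторы компрометации без восстановления полных значений. Обозначения <HKCU>, <SYSTEM32> и %APPDATA% — подстановочные имена раздела реестра и системных каталогов.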
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pofmgr32.exe' = '%APPDATA%\Roaming\Microsoft\pofmgr32.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- <SYSTEM32>\taskhost.exe
- %APPDATA%\Roaming\9522115.bat
- %APPDATA%\Roaming\Microsoft\pofmgr32.exe
- '72.#.156.20':8080
- '17#.#36.86.214':8080
- '19#.#63.232.235':8080
- '18#.#.66.179':8080
- '18#.#53.237.6':8080
- '31.##2.210.86':8080
- '20#.#3.183.196':8080
- '58.#7.0.5':8080
- '80.#8.62.18':8080
- '20#.#43.185.107':8080
- DNS ASK dn#.##ftncsi.com
- ClassName: 'Indicator' WindowName: '(null)'