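Техническая информация
Примечание: символы «#» в доменных именах ниже заменяют часть имени (адреса приведены в замаскированном виде), поэтому для точного сопоставления с журналами DNS и прокси нужны полные значения из исходного отчёта.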
- Автозапуск (ключ Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pofmgr32.exe' = '%APPDATA%\Roaming\Microsoft\pofmgr32.exe'
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- <SYSTEM32>\taskhost.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\91e000e7[1].htm
- %APPDATA%\Roaming\6561741.bat
- %APPDATA%\Roaming\Microsoft\pofmgr32.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\91e000e7[1].htm
- 'us###trock.ru':80
- 'di###bilko.pw':80
- 'la##mito.ru':80
- 'na##jax.ru':80
- us###trock.ru/3acf1cc3/91e000e7/
- di###bilko.pw/3acf1cc3/91e000e7/
- la##mito.ru/3acf1cc3/91e000e7/
- na##jax.ru/3acf1cc3/91e000e7/
- DNS ASK us###trock.ru
- DNS ASK di###bilko.pw
- DNS ASK la##mito.ru
- DNS ASK na##jax.ru
- ClassName: '(null)' WindowName: 'bjqcvt'
- ClassName: '(null)' WindowName: 'gV x'
- ClassName: '(null)' WindowName: 'YbtuMwms'
- ClassName: '(null)' WindowName: 'CyfxsN izlfxxe'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'P gkb'
- ClassName: '(null)' WindowName: 'qnyukS'
- ClassName: '(null)' WindowName: ' lhjkmbduveurbj'
- ClassName: '(null)' WindowName: 'nB fIz'
- ClassName: '(null)' WindowName: 'Becxf'
- ClassName: '(null)' WindowName: 'um b '
- ClassName: '(null)' WindowName: 'wkZyNJj'
- ClassName: '(null)' WindowName: 'bsV jeerfZ'
- ClassName: '(null)' WindowName: 'lZahls'