Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pofmgr32.exe' = '%APPDATA%\Roaming\Microsoft\pofmgr32.exe' (параметр в ключе Run: указанный файл запускается при каждом входе этого пользователя в систему)
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\rundll32.exe' "<SYSTEM32>\WININET.dll",DispatchAPICall 1
- <SYSTEM32>\taskhost.exe
- %APPDATA%\Roaming\6747145.bat
- %APPDATA%\Roaming\Microsoft\pofmgr32.exe
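- '17#.#8.31.137':8080 (здесь и в адресах ниже символы «#», по-видимому, заменяют скрытые при публикации цифры; такие записи неполны и не годятся для точного сопоставления с журналами или для блокировки)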
- '20#.#13.235.41':8080
- '21#.#4.151.75':8080
- '64.##2.249.5':8080
- '17#.#36.153.210':8080
- '80.##.191.158':8080
- '19#.#54.110.228':8080
- '10#.#8.148.51':8080
- '12#.155.3.6':8080
- '50.##.146.109':8080
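- DNS ASK dn#.##ftncsi.com (имя замаскировано; по видимым символам оно похоже на dns.msftncsi.com — узел, который Windows использует для штатной проверки подключения к сети, поэтому сам по себе этот запрос, вероятно, не является признаком заражения)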
- ClassName: 'Indicator' WindowName: '(null)'