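Техническая информация
(Заголовки подразделов в этом фрагменте не сохранились. Ниже подряд перечислены: значения реестра в разделе Winlogon\Notify, пути к системным процессам, ключи реестра, относящиеся к FTP-клиентам, файловые объекты и сетевые адреса. Какое именно действие выполняется с каждым объектом, из фрагмента не видно.)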
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ufgqxto] 'Startup' = 'ufgqxtoStartupEvent'
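- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ufgqxto] 'DllName' = 'ufgqxto.dll'
  (Подраздел в Winlogon\Notify регистрирует DLL как пакет уведомлений, который загружает winlogon.exe; параметр 'Startup' задаёт имя функции-обработчика события. Этот механизм автозапуска действует в Windows 2000/XP/Server 2003, поэтому при проверке системы стоит сверять подразделы Notify со списком известных.)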
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\alg.exe
- <SYSTEM32>\ctfmon.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\csrss.exe
- <SYSTEM32>\lsass.exe
- <SYSTEM32>\services.exe
- [<HKCU>\Software\CoffeeCup Software\Internet\Profiles]
- [<HKCU>\Software\Far\Plugins\FTP\Hosts]
- [<HKCU>\SOFTWARE\FlashFXP\3]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander Pro]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander Deluxe]
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- <SYSTEM32>\{35145379-1114-1232-1122-334425667788}
- %TEMP%\BC84.tmp
- '20#.#1.236.176':80
- '20#.#6.232.182':80
- 20#.#1.236.176/etc/work.php?me################################################################################################################
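- DNS ASK up####.microsoft.com
  (Символы «#» в IP-адресах, строке запроса и имени узла выше, по-видимому, скрывают часть значения. В таком виде эти индикаторы неполны и годятся только для сопоставления по шаблону, но не для точного совпадения.)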