Техническая информация
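Автозапуск через ключи Run реестра (исполняемые файлы носят имена системных процессов, но расположены в %WINDIR%\Fonts, а не в штатных системных каталогах):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '%WINDIR%\Fonts\explorer.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TaskMan' = '%WINDIR%\Fonts\rundll32.exe'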
- '%WINDIR%\Fonts\explorer.exe'
- '%WINDIR%\Fonts\rundll32.exe'
Ключи реестра WinVNC:
- [<HKLM>\Software\ORL\WinVNC3]
- [<HKCU>\Software\ORL\WinVNC3]
- %WINDIR%\Fonts\~GLH0002.TMP
- %WINDIR%\Fonts\~GLH0003.TMP
- %WINDIR%\Fonts\~GLH0001.TMP
- %TEMP%\GLC1.tmp
- %WINDIR%\Fonts\~GLH0000.TMP
- %TEMP%\GLC1.tmp
Временные файлы и их конечные имена (исходный путь в конечный путь):
- %WINDIR%\Fonts\~GLH0002.TMP в %WINDIR%\Fonts\VNCHooks.dll
- %WINDIR%\Fonts\~GLH0003.TMP в %WINDIR%\Fonts\rundll32.exe
- %WINDIR%\Fonts\~GLH0000.TMP в %WINDIR%\Fonts\explorer.exe
- %WINDIR%\Fonts\~GLH0001.TMP в %WINDIR%\Fonts\omnithread_rt.dll
Сетевые адреса (хост:порт; 6667 — стандартный порт IRC, 5800 и 5900 — стандартные порты VNC):
- 'co####.dyn.nicolas.cx':6667
- 'localhost':5800
- 'localhost':5900
- DNS ASK co####.dyn.nicolas.cx
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'