Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\dfvncservice] 'Start' = '00000002'
- <LS_APPDATA>\DFHelp\winvnc.exe -autoreconnect -connect office.digitalforces.com::5500 -service_run -service -install
- <SYSTEM32>\sc.exe stop uvnc_service
- <SYSTEM32>\net1.exe start "dfvncservice"
- <SYSTEM32>\sc.exe stop winvnc
- <SYSTEM32>\sc.exe config winvnc start= disabled
- <SYSTEM32>\sc.exe config uvnc_service start= disabled
- %TEMP%\nsh3.tmp\ns4.tmp
- %TEMP%\nsh3.tmp\ns5.tmp
- %HOMEPATH%\Desktop\Stop and Remove DFHelp.lnk
- %TEMP%\nsh3.tmp\nsExec.dll
- %TEMP%\nsh3.tmp\ns8.tmp
- <LS_APPDATA>\DFHelp\WinVNC.log
- %TEMP%\nsh3.tmp\ns6.tmp
- %TEMP%\nsh3.tmp\ns7.tmp
- <LS_APPDATA>\DFHelp\icon1.ico
- <LS_APPDATA>\DFHelp\icon2.ico
- %TEMP%\nsw2.tmp
- %TEMP%\nsh3.tmp\System.dll
- <LS_APPDATA>\DFHelp\winvnc.exe
- <LS_APPDATA>\DFHelp\DFHelp_Uninst.exe
- <LS_APPDATA>\DFHelp\ultravnc.ini
- <LS_APPDATA>\DFHelp\vnchooks.dll
- %TEMP%\nsh3.tmp\ns8.tmp
- %TEMP%\nsh3.tmp\nsExec.dll
- %TEMP%\nsh3.tmp\System.dll
- %TEMP%\nsh3.tmp\ns7.tmp
- %TEMP%\nsh3.tmp\ns4.tmp
- %TEMP%\nsh3.tmp\ns5.tmp
- %TEMP%\nsh3.tmp\ns6.tmp
- 'of####.#igitalforces.com':5500
- DNS ASK of####.#igitalforces.com
- '<IP-адрес в локальной сети>':1034
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'WinVNC Tray Icon' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: ''