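Техническая информация
Подзаголовки разделов в этом списке утрачены. Ниже подряд идут: элементы автозапуска (ярлык в папке Startup и служба uvnc_service с типом запуска 2 — автоматический), запись реестра, добавляющая winvncsc.exe в список разрешённых приложений брандмауэра Windows, командные строки запускаемых процессов, пути к файлам (повторный перечень путей в %TEMP%, по-видимому, относится к удалённым временным файлам), сетевой адрес и классы окон.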
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\1Click.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\uvnc_service] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\1c2.0.9\winvncsc.exe' = '%PROGRAM_FILES%\1c2.0.9\winvncsc.exe:*:Enabled:OneClick-Server'
- '%TEMP%\nss6.tmp\ns19.tmp' cmd.exe /C del /P /Q "%HOMEPATH%\Desktop\Tools.url"
- '%TEMP%\nss6.tmp\ns1A.tmp' "netsh.exe" firewall add allowedprogram "%PROGRAM_FILES%\1c2.0.9\winvncsc.exe" "OneClick-Server" ENABLE ALL
- '%TEMP%\nss6.tmp\ns1B.tmp' "netsh.exe" firewall add allowedprogram "%PROGRAM_FILES%\1c2.0.9\winvncsc.exe" "OneClick-Server" ENABLE
- '%TEMP%\nss6.tmp\ns18.tmp' cmd.exe /C del /P /Q "%HOMEPATH%\Start Menu\Tools.url"
- '%TEMP%\nss6.tmp\ns15.tmp' "%PROGRAM_FILES%\1c2.0.9\Uninst.exe"
- '%TEMP%\nss6.tmp\ns16.tmp' cmd.exe /C del /P /Q "%ALLUSERSPROFILE%\Start Menu\Tools.url"
- '%TEMP%\nss6.tmp\ns17.tmp' cmd.exe /C del /P /Q "%ALLUSERSPROFILE%\Desktop\Tools.url"
- '%TEMP%\nss6.tmp\ns1C.tmp' "net.exe" stop uvnc_service
- '%PROGRAM_FILES%\1c2.0.9\winvncsc.exe' -service
- '%TEMP%\nss6.tmp\ns1F.tmp' "net.exe" start uvnc_service
- '%PROGRAM_FILES%\1c2.0.9\winvncsc.exe' -autoreconnect -sc_prompt -connect 203.213.20.69::5511 -service_run
- '%PROGRAM_FILES%\1c2.0.9\winvncsc.exe' -install
- '%TEMP%\nss6.tmp\ns1D.tmp' "sc.exe" delete uvnc_service
- '%PROGRAM_FILES%\1c2.0.9\1Click.exe'
- '%TEMP%\nss6.tmp\ns1E.tmp' "%PROGRAM_FILES%\1c2.0.9\winvncsc.exe" -install
- '%TEMP%\nss6.tmp\nsA.tmp' "net.exe" stop uvnc_service
- '%TEMP%\nss6.tmp\nsB.tmp' "net.exe" stop WinVNC
- '%TEMP%\nss6.tmp\nsC.tmp' "net.exe" stop WinVNC4
- '%TEMP%\nss6.tmp\ns9.tmp' "sc.exe" delete winvnc4
- '%TEMP%\nsk3.tmp\WebGetS.exe' /3
- '%TEMP%\nss6.tmp\ns7.tmp' "sc.exe" delete uvnc_service
- '%TEMP%\nss6.tmp\ns8.tmp' "sc.exe" delete winvnc
- '%TEMP%\nss6.tmp\nsD.tmp' "tskill.exe" WinVncSC
- '%TEMP%\nss6.tmp\ns12.tmp' "taskkill.exe" /F /IM AvncMenu.exe /T
- '%TEMP%\nss6.tmp\ns13.tmp' "tskill.exe" WinVnc
- '%TEMP%\nss6.tmp\ns14.tmp' "taskkill.exe" /F /IM WinVnc.exe /T
- '%TEMP%\nss6.tmp\ns11.tmp' "taskkill.exe" /F /IM WinVncSC.exe /T
- '%TEMP%\nss6.tmp\nsE.tmp' "tskill.exe" 1click
- '%TEMP%\nss6.tmp\nsF.tmp' "tskill.exe" AvncMenu
- '%TEMP%\nss6.tmp\ns10.tmp' "taskkill.exe" /F /IM 1click.exe /T
- '<SYSTEM32>\taskkill.exe' /F /IM AvncMenu.exe /T
- '<SYSTEM32>\tskill.exe' WinVnc
- '<SYSTEM32>\taskkill.exe' /F /IM WinVncSC.exe /T
- '<SYSTEM32>\tskill.exe' AvncMenu
- '<SYSTEM32>\taskkill.exe' /F /IM 1click.exe /T
- '<SYSTEM32>\net1.exe' start "uvnc_service"
- '<SYSTEM32>\net1.exe' start uvnc_service
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\1c2.0.9\winvncsc.exe" "OneClick-Server" ENABLE
- '<SYSTEM32>\taskkill.exe' /F /IM WinVnc.exe /T
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\1c2.0.9\winvncsc.exe" "OneClick-Server" ENABLE ALL
- '<SYSTEM32>\tskill.exe' 1click
- '<SYSTEM32>\net.exe' stop uvnc_service
- '<SYSTEM32>\net1.exe' stop uvnc_service
- '<SYSTEM32>\sc.exe' delete winvnc4
- '<SYSTEM32>\sc.exe' delete uvnc_service
- '<SYSTEM32>\sc.exe' delete winvnc
- '<SYSTEM32>\net1.exe' stop WinVNC4
- '<SYSTEM32>\tskill.exe' WinVncSC
- '<SYSTEM32>\net.exe' stop WinVNC4
- '<SYSTEM32>\net.exe' stop WinVNC
- '<SYSTEM32>\net1.exe' stop WinVNC
- %PROGRAM_FILES%\1c2.0.9\icon1.ico
- %PROGRAM_FILES%\1c2.0.9\icon2.ico
- %PROGRAM_FILES%\1c2.0.9\UltraVnc.ini
- %PROGRAM_FILES%\1c2.0.9\stop.ico
- %PROGRAM_FILES%\1c2.0.9\Ding_Dong.wav
- %PROGRAM_FILES%\1c2.0.9\rePaper.exe
- %PROGRAM_FILES%\1c2.0.9\winvncsc.exe
- %PROGRAM_FILES%\1c2.0.9\cad.exe
- %WINDIR%\UltraVNC.ini
- %TEMP%\nss6.tmp\ns15.tmp
- %TEMP%\nss6.tmp\ns16.tmp
- %TEMP%\nss6.tmp\ns14.tmp
- %PROGRAM_FILES%\1c2.0.9\Advantig.Lic
- %TEMP%\nss6.tmp\ns19.tmp
- %PROGRAM_FILES%\1c2.0.9\Uninst.exe
- %TEMP%\nss6.tmp\ns17.tmp
- %TEMP%\nss6.tmp\ns18.tmp
- %PROGRAM_FILES%\1c2.0.9\OneClick.ini
- %TEMP%\nss6.tmp\ns1D.tmp
- %ALLUSERSPROFILE%\Desktop\Re-connect Support.lnk
- %TEMP%\nss6.tmp\ns1B.tmp
- %TEMP%\nss6.tmp\ns1C.tmp
- %PROGRAM_FILES%\1c2.0.9\SysCfg.lnk
- %ALLUSERSPROFILE%\Start Menu\System Boot Configuration.lnk
- %TEMP%\nss6.tmp\ns1E.tmp
- %TEMP%\nss6.tmp\ns1F.tmp
- %TEMP%\nss6.tmp\ns1A.tmp
- %PROGRAM_FILES%\1c2.0.9\Tools.url
- %ALLUSERSPROFILE%\Start Menu\Tools.url
- %PROGRAM_FILES%\1c2.0.9\CustomText.ini
- %PROGRAM_FILES%\1c2.0.9\1Click.exe
- %ALLUSERSPROFILE%\Start Menu\Stop Remote Support.lnk
- %ALLUSERSPROFILE%\Start Menu\1cToolBox.lnk
- %PROGRAM_FILES%\1c2.0.9\boot.ico
- %TEMP%\nsk3.tmp\Advantig.ini
- %TEMP%\nss6.tmp\ns13.tmp
- %TEMP%\nsk3.tmp\boot.ico
- %TEMP%\nsk3.tmp\CustomText.ini
- %TEMP%\nsk3.tmp\icon2.ico
- %TEMP%\nsk3.tmp\stop.ico
- %TEMP%\nsk3.tmp\1Click.exe
- %TEMP%\nsx5.tmp
- %TEMP%\nsk3.tmp\OneClick.ini
- %TEMP%\nsk3.tmp\Tools.url
- %TEMP%\nsk3.tmp\icon1.ico
- %TEMP%\nsk3.tmp\helpdesk.txt
- %TEMP%\nsk3.tmp\winvncsc.exe
- %TEMP%\nso2.tmp
- %TEMP%\nsk3.tmp\WebGetS.exe
- %TEMP%\nsk3.tmp\Ding_Dong.wav
- %TEMP%\nsk3.tmp\Splash.bmp
- %TEMP%\nsk3.tmp\UltraVnc.ini
- %TEMP%\nsk3.tmp\cad.exe
- %TEMP%\nsk3.tmp\Advantig.Lic
- %TEMP%\nss6.tmp\nsD.tmp
- %TEMP%\nss6.tmp\nsE.tmp
- %TEMP%\nss6.tmp\nsB.tmp
- %TEMP%\nss6.tmp\nsC.tmp
- %TEMP%\nss6.tmp\ns11.tmp
- %TEMP%\nss6.tmp\ns12.tmp
- %TEMP%\nss6.tmp\nsF.tmp
- %TEMP%\nss6.tmp\ns10.tmp
- %TEMP%\nss6.tmp\nsA.tmp
- %TEMP%\nsk3.tmp\rePaper.exe
- %TEMP%\nsk3.tmp\AvncMenu.exe
- %TEMP%\nss6.tmp\default.bmp
- %TEMP%\nss6.tmp\Splash.dll
- %TEMP%\nss6.tmp\ns8.tmp
- %TEMP%\nss6.tmp\ns9.tmp
- %TEMP%\nss6.tmp\nsExec.dll
- %TEMP%\nss6.tmp\ns7.tmp
- %TEMP%\nsk3.tmp\Advantig.ini
- %TEMP%\nsk3.tmp\helpdesk.txt
- %TEMP%\nss6.tmp\ns1A.tmp
- %TEMP%\nsk3.tmp\AvncMenu.exe
- %TEMP%\nss6.tmp\ns17.tmp
- %TEMP%\nss6.tmp\ns18.tmp
- %TEMP%\nss6.tmp\ns19.tmp
- %TEMP%\nss6.tmp\ns1B.tmp
- %TEMP%\nss6.tmp\default.bmp
- %TEMP%\nss6.tmp\nsExec.dll
- %TEMP%\nss6.tmp\Splash.dll
- %TEMP%\nss6.tmp\ns1F.tmp
- %TEMP%\nss6.tmp\ns1C.tmp
- %TEMP%\nss6.tmp\ns1D.tmp
- %TEMP%\nss6.tmp\ns1E.tmp
- %TEMP%\nss6.tmp\ns16.tmp
- %TEMP%\nss6.tmp\nsB.tmp
- %TEMP%\nss6.tmp\nsC.tmp
- %TEMP%\nss6.tmp\nsD.tmp
- %TEMP%\nss6.tmp\nsA.tmp
- %TEMP%\nss6.tmp\ns7.tmp
- %TEMP%\nss6.tmp\ns8.tmp
- %TEMP%\nss6.tmp\ns9.tmp
- %TEMP%\nss6.tmp\nsE.tmp
- %TEMP%\nss6.tmp\ns13.tmp
- %TEMP%\nss6.tmp\ns14.tmp
- %TEMP%\nss6.tmp\ns15.tmp
- %TEMP%\nss6.tmp\ns12.tmp
- %TEMP%\nss6.tmp\nsF.tmp
- %TEMP%\nss6.tmp\ns10.tmp
- %TEMP%\nss6.tmp\ns11.tmp
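- '20#.#13.20.69':5511 (адрес частично скрыт; по видимым цифрам и порту совпадает с параметром -connect 203.213.20.69::5511 в командной строке winvncsc.exe выше, то есть соединение исходящее и инициируется самим узлом)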
- ClassName: 'WinVNC desktop sink' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WinVNC Tray Icon' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '' WindowName: ''