Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\winvnc] 'Start' = '00000002'
- %WINDIR%\winvnc.exe -service
- <SYSTEM32>\sc.exe description winvnc "Manages communication between a Windows Server Domain Controller and a connected Domain Client. If this service is not started or disabled, domain functions will be inoperable."
- %WINDIR%\regedit.exe /s "<LS_APPDATA>\ins.reg"
- <SYSTEM32>\net1.exe start winvnc
- <SYSTEM32>\xcopy.exe "<LS_APPDATA>\winvnc.exe" %WINDIR%\ /c /y
- <SYSTEM32>\xcopy.exe "<LS_APPDATA>\VNCHooks.dll" %WINDIR%\ /c /y
- <SYSTEM32>\sc.exe create winvnc binpath= "%WINDIR%\winvnc.exe -service" type= interact type= own start= auto displayname= "Domain Client Service"
- [<HKLM>\SOFTWARE\ORL\WinVNC3]
- %TEMP%\bt1210.bat
- %WINDIR%\winvnc.exe
- %WINDIR%\vnchooks.dll
- <LS_APPDATA>\ins.reg
- <LS_APPDATA>\vnchooks.dll
- <LS_APPDATA>\winvnc.exe
- %TEMP%\bt1210.bat
- <LS_APPDATA>\vnchooks.dll
- <LS_APPDATA>\winvnc.exe
- %TEMP%\bt1210.bat
- <LS_APPDATA>\ins.reg
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''