Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinVNC4] 'Start' = '00000002'
- 'C:\Win32App\VNC\winvnc4.exe' -unregister
- 'C:\Win32App\VNC\winvnc4.exe' -connect c2net.co.kr
- 'C:\Win32App\VNC\winvnc4.exe' -service
- 'C:\Win32App\VNC\winvnc4.exe' -register
- 'C:\Win32App\VNC\winvnc4.exe' -start
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c ""C:\Win32App\VNC\start.bat" "
- C:\Win32App\VNC\winvnc4.exe
- C:\Win32App\VNC\wm_hooks.dll
- C:\Win32App\VNC\start.bat
- C:\Win32App\VNC\stop.bat
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'c2##t.co.kr':5500
- DNS ASK c2##t.co.kr
- ClassName: '' WindowName: 'winvnc::IPC_Interface'
- ClassName: 'Shell_TrayWnd' WindowName: ''