Technical Information
- %TEMP%\nsd6.tmp\ns14.tmp "taskkill.exe" /F /IM WinVnc.exe /T
- %TEMP%\nsd6.tmp\ns15.tmp "%PROGRAM_FILES%\1c2.0.9\Uninst.exe"
- %TEMP%\nsd6.tmp\ns13.tmp "tskill.exe" WinVnc
- %TEMP%\nsd6.tmp\ns11.tmp "taskkill.exe" /F /IM WinVncSC.exe /T
- %TEMP%\nsd6.tmp\ns12.tmp "taskkill.exe" /F /IM AvncMenu.exe /T
- %TEMP%\nsd6.tmp\ns16.tmp cmd.exe /C del /P /Q "%ALLUSERSPROFILE%\Start Menu\Tools.url"
- %TEMP%\nsd6.tmp\ns1A.tmp "%TEMP%\nsm3.tmp\AvncMenu.exe"
- %TEMP%\nsm3.tmp\AvncMenu.exe
- %TEMP%\nsd6.tmp\ns19.tmp cmd.exe /C del /P /Q "%HOMEPATH%\Desktop\Tools.url"
- %TEMP%\nsd6.tmp\ns17.tmp cmd.exe /C del /P /Q "%ALLUSERSPROFILE%\Desktop\Tools.url"
- %TEMP%\nsd6.tmp\ns18.tmp cmd.exe /C del /P /Q "%HOMEPATH%\Start Menu\Tools.url"
- %TEMP%\nsd6.tmp\ns9.tmp "sc.exe" delete winvnc4
- %TEMP%\nsd6.tmp\nsA.tmp "net.exe" stop uvnc_service
- %TEMP%\nsd6.tmp\ns8.tmp "sc.exe" delete winvnc
- %TEMP%\nsm3.tmp\WebGetS.exe /3
- %TEMP%\nsd6.tmp\ns7.tmp "sc.exe" delete uvnc_service
- %TEMP%\nsd6.tmp\nsB.tmp "net.exe" stop WinVNC
- %TEMP%\nsd6.tmp\nsF.tmp "tskill.exe" AvncMenu
- %TEMP%\nsd6.tmp\ns10.tmp "taskkill.exe" /F /IM 1click.exe /T
- %TEMP%\nsd6.tmp\nsE.tmp "tskill.exe" 1click
- %TEMP%\nsd6.tmp\nsC.tmp "net.exe" stop WinVNC4
- %TEMP%\nsd6.tmp\nsD.tmp "tskill.exe" WinVncSC
- <SYSTEM32>\tskill.exe AvncMenu
- <SYSTEM32>\taskkill.exe /F /IM 1click.exe /T
- <SYSTEM32>\tskill.exe WinVncSC
- <SYSTEM32>\tskill.exe 1click
- <SYSTEM32>\tskill.exe WinVnc
- <SYSTEM32>\taskkill.exe /F /IM WinVnc.exe /T
- <SYSTEM32>\taskkill.exe /F /IM WinVncSC.exe /T
- <SYSTEM32>\taskkill.exe /F /IM AvncMenu.exe /T
- <SYSTEM32>\net1.exe stop WinVNC4
- <SYSTEM32>\sc.exe delete winvnc4
- <SYSTEM32>\net.exe stop uvnc_service
- <SYSTEM32>\sc.exe delete uvnc_service
- <SYSTEM32>\sc.exe delete winvnc
- <SYSTEM32>\net1.exe stop WinVNC
- <SYSTEM32>\net.exe stop WinVNC4
- <SYSTEM32>\net1.exe stop uvnc_service
- <SYSTEM32>\net.exe stop WinVNC
- %TEMP%\nsd6.tmp\ns19.tmp
- %PROGRAM_FILES%\1c2.0.9\Uninst.exe
- %TEMP%\nsd6.tmp\ns17.tmp
- %TEMP%\nsd6.tmp\ns18.tmp
- %PROGRAM_FILES%\1c2.0.9\stop.ico
- %PROGRAM_FILES%\1c2.0.9\icon1.ico
- %WINDIR%\UltraVNC.ini
- %PROGRAM_FILES%\1c2.0.9\UltraVnc.ini
- %TEMP%\nsd6.tmp\ns16.tmp
- %TEMP%\nsd6.tmp\ns11.tmp
- %TEMP%\nsd6.tmp\ns12.tmp
- %TEMP%\nsd6.tmp\nsF.tmp
- %TEMP%\nsd6.tmp\ns10.tmp
- %PROGRAM_FILES%\1c2.0.9\Advantig.Lic
- %TEMP%\nsd6.tmp\ns15.tmp
- %TEMP%\nsd6.tmp\ns13.tmp
- %TEMP%\nsd6.tmp\ns14.tmp
- %PROGRAM_FILES%\1c2.0.9\icon2.ico
- %PROGRAM_FILES%\1c2.0.9\CustomText.ini
- %PROGRAM_FILES%\1c2.0.9\1Click.exe
- %PROGRAM_FILES%\1c2.0.9\rePaper.exe
- %PROGRAM_FILES%\1c2.0.9\OneClick.ini
- %TEMP%\nsm3.tmp\Advantig.ini
- %TEMP%\nsd6.tmp\ns1A.tmp
- %PROGRAM_FILES%\1c2.0.9\Goodbye.vbs
- %PROGRAM_FILES%\1c2.0.9\boot.ico
- %PROGRAM_FILES%\1c2.0.9\MSRC4Plugin.dsm
- %PROGRAM_FILES%\1c2.0.9\helpdesk.txt
- %PROGRAM_FILES%\1c2.0.9\winvncsc.exe
- %PROGRAM_FILES%\1c2.0.9\logo.bmp
- %PROGRAM_FILES%\1c2.0.9\background.bmp
- %PROGRAM_FILES%\1c2.0.9\vnchooks.dll
- %PROGRAM_FILES%\1c2.0.9\rc4.key
- %PROGRAM_FILES%\1c2.0.9\cad.exe
- %PROGRAM_FILES%\1c2.0.9\Ding_Dong.wav
- %TEMP%\nsd6.tmp\nsE.tmp
- %TEMP%\nsm3.tmp\icon2.ico
- %TEMP%\nsm3.tmp\stop.ico
- %TEMP%\nsm3.tmp\background.bmp
- %TEMP%\nsm3.tmp\icon1.ico
- %TEMP%\nsm3.tmp\CustomText.ini
- %TEMP%\nsm3.tmp\OneClick.ini
- %TEMP%\nsm3.tmp\boot.ico
- %TEMP%\nsm3.tmp\vnchooks.dll
- %TEMP%\nsm3.tmp\logo.bmp
- %TEMP%\nsm3.tmp\helpdesk.txt
- %TEMP%\nsm3.tmp\winvncsc.exe
- %TEMP%\nsb2.tmp
- %TEMP%\nsm3.tmp\WebGetS.exe
- %TEMP%\nsm3.tmp\Ding_Dong.wav
- %TEMP%\nsm3.tmp\Splash.bmp
- %TEMP%\nsm3.tmp\UltraVnc.ini
- %TEMP%\nsm3.tmp\cad.exe
- %TEMP%\nsm3.tmp\Goodbye.vbs
- %TEMP%\nsd6.tmp\ns8.tmp
- %TEMP%\nsd6.tmp\ns9.tmp
- %TEMP%\nsd6.tmp\nsExec.dll
- %TEMP%\nsd6.tmp\ns7.tmp
- %TEMP%\nsd6.tmp\nsC.tmp
- %TEMP%\nsd6.tmp\nsD.tmp
- %TEMP%\nsd6.tmp\nsA.tmp
- %TEMP%\nsd6.tmp\nsB.tmp
- %TEMP%\nsm3.tmp\AvncMenu.exe
- %TEMP%\nsm3.tmp\rc4.key
- %TEMP%\nsq5.tmp
- %TEMP%\nsm3.tmp\1Click.exe
- %TEMP%\nsm3.tmp\MSRC4Plugin.dsm
- %TEMP%\nsd6.tmp\Splash.dll
- %TEMP%\nsm3.tmp\rePaper.exe
- %TEMP%\nsm3.tmp\Advantig.Lic
- %TEMP%\nsd6.tmp\default.bmp
- %TEMP%\nsd6.tmp\ns13.tmp
- %TEMP%\nsd6.tmp\ns14.tmp
- %TEMP%\nsd6.tmp\ns11.tmp
- %TEMP%\nsd6.tmp\ns12.tmp
- %TEMP%\nsd6.tmp\ns15.tmp
- %TEMP%\nsd6.tmp\ns18.tmp
- %TEMP%\nsd6.tmp\ns19.tmp
- %TEMP%\nsd6.tmp\ns16.tmp
- %TEMP%\nsd6.tmp\ns17.tmp
- %TEMP%\nsd6.tmp\ns10.tmp
- %TEMP%\nsd6.tmp\ns9.tmp
- %TEMP%\nsd6.tmp\nsA.tmp
- %TEMP%\nsd6.tmp\ns7.tmp
- %TEMP%\nsd6.tmp\ns8.tmp
- %TEMP%\nsd6.tmp\nsB.tmp
- %TEMP%\nsd6.tmp\nsE.tmp
- %TEMP%\nsd6.tmp\nsF.tmp
- %TEMP%\nsd6.tmp\nsC.tmp
- %TEMP%\nsd6.tmp\nsD.tmp
- ClassName: 'WinVNC desktop sink' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''