Re: Boobytrap a VM.
Mm, I wondered the same. Not sure the CMD shell can even do that on the host VM all that easily, let alone reaching back through the tubes and doing it to the VNC client's host machine.
Not to mention that if Hide Extensions is enabled (as has been default for quite some time), the mark might wonder why the file *has* a .TXT extension showing?
Now you could name it "Passwords.bat" but the icon would still be wrong. Worth a try would be creating the batchfile elsewhere and placing on the Desktop a shortcut to it, which IIRC you can change the icon of the shortcut.
But I'd still like that recipe for how this batchfile is pwning the intruder's machine. Still with us, OP?
Icon: closest available to "chinny reckon".