Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "<SYSTEM32>\rundll32.dll"'
- [<HKLM>\SOFTWARE\Classes\dllfile\shell\open\command] '' = '%1'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- <SYSTEM32>\rundll32.dll
- <SYSTEM32>\net1.exe stop "Central de Segurança"
- <SYSTEM32>\net.exe stop "Central de Segurança"
- <SYSTEM32>\netsh.exe firewall set opmode mode = disable
- <SYSTEM32>\rundll32.dll
- %WINDIR%\inf\ultravnc.ini
- <SYSTEM32>\rundll32.dll
- ClassName: 'TfrmServer' WindowName: '464646'
- ClassName: 'TApplication' WindowName: '494949'
- ClassName: 'MS_WINHELP' WindowName: ''