Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NetWork' = '<SYSTEM32>\rundll.dll'
- [<HKLM>\SOFTWARE\Classes\dllfile\shell\open\command] '' = '%1'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- <SYSTEM32>\rundll.dll
- <SYSTEM32>\net1.exe stop "Central de Segurança"
- <SYSTEM32>\net.exe stop "Central de Segurança"
- <SYSTEM32>\netsh.exe firewall set opmode mode = disable
- %WINDIR%\inf\ultravnc.ini
- <SYSTEM32>\rundll.dll
- 'localhost':233
- 'localhost':99
- 'localhost':555
- ClassName: 'TfrmServer' WindowName: '464646'
- ClassName: 'TApplication' WindowName: '494949'
- ClassName: 'MS_WINHELP' WindowName: ''