Техническая информация
Значения реестра в разделах Run (указывают на исполняемые файлы в %WINDIR%):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mono' = '%WINDIR%\mono.exe'
- [<HKLM>\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\Run] 'mono' = '%WINDIR%\mono.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'moh' = '%WINDIR%\moh.exe'
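Параметры политики брандмауэра Windows для стандартного профиля (значение 'EnableFirewall' = 0 соответствует выключенному брандмауэру):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'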
- Системная утилита: Диспетчер задач (Taskmgr) (конкретное действие в этом фрагменте не указано)
- '%WINDIR%\mono.exe'
- '%WINDIR%\moh.exe'
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- %WINDIR%\moh.exe
- %WINDIR%\ScreenCapture.dll
- %WINDIR%\Uninstall.ini
- %WINDIR%\Uninstall.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\mono.exe
- %WINDIR%\DisableWindowManagement.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- '<IP-адрес в локальной сети>':8080
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'