Техническая информация
- %WINDIR%\Tasks\At1.job
- [<HKLM>\SYSTEM\ControlSet001\Services\mnmsrvc] 'Start' = '00000002'
- <SYSTEM32>\mnmsrvc.exe
- <SYSTEM32>\dllcache\mnmsrvc.exe файлом <SYSTEM32>\dllcache\mnmsrvc.exe.new
- <SYSTEM32>\mnmsrvc.exe файлом <SYSTEM32>\mnmsrvc.exe.new
- <SYSTEM32>\mnmsrvc.exe
- <SYSTEM32>\sc.exe start mnmsrvc
- <SYSTEM32>\sc.exe config mnmsrvc start= auto
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Fonts\llk1340826664.mp3
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].txt
- <SYSTEM32>\dllcache\mnmsrvc.exe.new
- <SYSTEM32>\mnmsrvc.exe.new
- <SYSTEM32>\d3d33.dll
- <SYSTEM32>\hdsd33.dat
- <SYSTEM32>\s1340826664h.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\setup1012[1].txt
- %WINDIR%\Fonts\llk1340826664.mp3
- <SYSTEM32>\s1340826664h.dat
- %WINDIR%\Tasks\At1.job
- 'no###.#own.youkill.cn':80
- no###.#own.youkill.cn/xz//update.txt
- no###.#own.youkill.cn/xz//user/setup1012.txt
- DNS ASK no###.#own.youkill.cn