Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\mnmsrvc] 'Start' = '00000002'
- <SYSTEM32>\mnmsrvc.exe
- <SYSTEM32>\mnmsrvc.exe
- ClassName: '#32770' WindowName: 'Windows File Protection'
- <SYSTEM32>\dllcache\mnmsrvc.exe
- <SYSTEM32>\mnmsrvc.exe в <SYSTEM32>\mnmsrvc.exe.bak
- 'so##.5181888.cn':80
- http://so##.5181888.cn/update/new.exe
- DNS ASK so##.5181888.cn
- ClassName: '#32770' WindowName: 'Windows ОДјю±Ј»¤'
- ClassName: '#32770' WindowName: 'Windows ????????'