Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\mnmsrvc] 'Start' = '00000002'
- <SYSTEM32>\mnmsrvc.exe with the file <SYSTEM32>\mnmsrvc.exe
- ClassName: '#32770' WindowName: 'Windows File Protection'
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\wpad[1].dat
- <SYSTEM32>\mnmsrvc.exe to <SYSTEM32>\mnmsrvc.exe.bak
- 'wpad.localdomain':80
- '21###.##lsomalimusic.com.cn':80
- '1f###.#prophesy.com.cn':80
- wpad.localdomain/wpad.dat
- 1f###.#prophesy.com.cn/update/version.txt
- 21###.##lsomalimusic.com.cn/client_register_av.do?ty##################################
- DNS ASK wpad.localdomain
- DNS ASK 21###.##lsomalimusic.com.cn
- DNS ASK 1f###.#prophesy.com.cn
- ClassName: '#32770' WindowName: '????????????????'
- ClassName: '#32770' WindowName: 'Windows ????????'