Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'super_hm_service' = '%PROGRAM_FILES%\super_hm\super_hm_main.exe'
- %PROGRAM_FILES%\super_hm\super_hm_main.exe
- %PROGRAM_FILES%\super_hm\super_hm_main.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\super_hm_service[1].exe
- %PROGRAM_FILES%\super_hm\super_hm_service.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\super_hm_main[1].exe
- %PROGRAM_FILES%\super_hm\super_hm_main.exe
- 'kj##2.com':80
- kj##2.com/down/super_hm_service.exe
- kj##2.com/down/super_hm_main.exe
- kj##2.com/mail/cnt0.php
- DNS ASK kj##2.com