Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'kmyckuum.exe' = '"%APPDATA%\Identities\kmyckuum.exe"'
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\MS4245~1.BAT"
- <SYSTEM32>\cmd.exe
- %APPDATA%\ms4245398.bat
- %APPDATA%\Identities\kmyckuum.exe
- %APPDATA%\ms4245398.bat
- '20#.#6.232.182':80
- http://www.microsoft.com/ via 20#.#6.232.182
- DNS ASK www.microsoft.com
- ClassName: 'Indicator' WindowName: ''