Техническая информация
- Автозапуск при входе пользователя в систему — запись в ключе Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'kmyckuum.exe' = '"%APPDATA%\Identities\kmyckuum.exe"'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <SYSTEM32>\cmd.exe
- %APPDATA%\ms3907252.bat
- %APPDATA%\Identities\kmyckuum.exe
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %APPDATA%\ms3907252.bat
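- '17#.#2.50.238':8080 (в этом и следующих адресах часть цифр заменена символом «#», поэтому для точного сопоставления или блокировки по IP они непригодны; общий признак всех записей — порт 8080)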
- '69.##4.138.101':8080
- '78.##9.157.53':8080
- '74.##5.24.139':8080
- '19#.0.72.3':8080
- '46.##4.18.97':8080
- '18#.#1.125.1':8080
- '15#.#55.238.163':8080
- '67.##1.22.192':8080
- '93.##4.137.188':8080
- '19#.#1.205.34':8080
- '18#.#9.12.69':8080
- '87.##7.242.29':8080
- '20#.#1.237.99':8080
- '16#.#44.106.152':8080
- '50.##.235.218':8080
- '10#.#45.153.151':8080
- '69.##7.127.57':8080
- '18#.#35.132.105':8080
- '88.##9.101.12':8080
- '19#.#2.156.123':8080
- '20#.#75.17.35':8080
- ClassName: 'Indicator' WindowName: ''