Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '<LS_APPDATA>\\Microsoft\\Windows\\hkcmd.exe'
- '<SYSTEM32>\cmd.exe' /c mzђ
- <LS_APPDATA>\Microsoft\Windows\hkcmd.exe
- <LS_APPDATA>\Microsoft\Windows\hkcmd.exe
- 'localhost':80
- http://12#.0.0.1/xampp/tests/rcw//readc.php?pc################# via localhost
- http://12#.0.0.1/xampp/tests/rcw/response.php via localhost