Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '<LS_APPDATA>\Microsoft\Windows\test.exe'
- '<SYSTEM32>\cmd.exe' /c mzђ
- <LS_APPDATA>\Microsoft\Windows\test.exe
- <LS_APPDATA>\Microsoft\Windows\test.exe
- 'localhost':80
- http://12#.0.0.1/xampp/tests/rcw//readc.php?pc############## via localhost
- http://12#.0.0.1/xampp/tests/rcw/response.php via localhost