Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'INST' = '%ALLUSERSPROFILE%\Templates\rew.exe'
- %ALLUSERSPROFILE%\Templates\rew.exe
- %ALLUSERSPROFILE%\Templates\rew.exe
- 'ms##.#efound.com':8080
- 'ms##.#efound.com':1863
- 'ms##.#efound.com':443
- 'ho####l.dsmtp.com':8080
- 'ho####l.dsmtp.com':443
- 'ho####l.dsmtp.com':1863
- DNS ASK ms##.#efound.com
- DNS ASK ho####l.dsmtp.com