Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\acctres32] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\acctres32] 'ImagePath' = '<SYSTEM32>\rundll32.exe acctres32.dll,ekos'
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP 1743 messenger ENABLE ALL
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP 25 DNS ENABLE ALL
- <SYSTEM32>\9b5a2663.dll
- <SYSTEM32>\acctres32.dll
- <SYSTEM32>\56e52ce8.dll
- <SYSTEM32>\a312d5d4.dll
- %TEMP%\e574413e.exe