Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sctrlmgr' = '<SYSTEM32>\sescmgr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\sescmgr.exe' = '<SYSTEM32>\sescmgr.exe:*:Enabled:QoS SRVSP'
- %TEMP%\s0ct0003.tmp
- <SYSTEM32>\sescmgr.exe
- 'af####counter.com':80
- http://af####counter.com/svc332.dll
- DNS ASK af####counter.com