Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{NLXAA1W-12NEG4-2F74E7-FL1EXJ-ACVPA33X86}] 'StubPath' = '%APPDATA%\msconfig.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '%APPDATA%\msconfig.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '%APPDATA%\msconfig.exe'
- %APPDATA%\msconfig.exe
- 'ch##.##rracudasec.com':4667
- DNS ASK ch##.##rracudasec.com
- ClassName: 'Indicator' WindowName: ''