Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{6CDYJO8-YWDZ6L-G33BN8-DKGBUG-L2LHKOCKB5}] 'StubPath' = '%APPDATA%\msconfig.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '%APPDATA%\msconfig.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '%APPDATA%\msconfig.exe'
- %APPDATA%\msconfig.exe
- 'bn.##arhf.com':80
- 'wp#d':80
- bn.##arhf.com/command.txt
- bn.##arhf.com/usersonline.php
- wp#d/wpad.dat
- DNS ASK bn.##arhf.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''