Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{NLXAA1W-12NEG4-2F74E7-FL1EXJ-ACVPA33X86}] 'StubPath' = '%APPDATA%\msconfig.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '%APPDATA%\msconfig.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Config' = '%APPDATA%\msconfig.exe'
- %APPDATA%\msconfig.exe
- 'st###bble.com':80
- 'wp#d':80
- st###bble.com/userdb/usersonline.php
- st###bble.com/userdb/command.txt
- wp#d/wpad.dat
- DNS ASK st###bble.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''