Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System Configuration' = '%TEMP%\msconfigsys.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System Configuration' = '%TEMP%\msconfigsys.exe'
- %TEMP%\msconfigsys.exe
- %TEMP%\msconfigsys.exe
- 'ch##.##rracudasec.com':4667
- DNS ASK ch##.##rracudasec.com
- ClassName: 'Indicator' WindowName: ''