Technical Information
- [<HKCU>\software\Microsoft\Windows\CurrentVersion\Run] 'Windows Configuration' = '%HOMEPATH%\Documents\msconfigs.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Configuration' = '%HOMEPATH%\Documents\msconfigs.exe'
- %HOMEPATH%\pictures\msconfig.exe
- %HOMEPATH%\documents\msconfigs.exe
- %HOMEPATH%\pictures\msconfig.exe
- %HOMEPATH%\documents\msconfigs.exe
- http://ap#.##pmania.com/
- DNS ASK ap#.##pmania.com
- DNS ASK ra####801.no-ip.org
- '%HOMEPATH%\pictures\msconfig.exe'