Here is a malware report from today that conducts PAC configuration on a victims machine. Below is a screenshot of the malware's logic that configures the PAC file. It sets the registry key:
Software\Microsoft\Windows\CurrentVersion\Internet Settings with an AutoConfigURL value.
This malware example, configures the victim to use the PAC file on:
dns.configdeskwork.com. 1800 IN A 184.108.40.206As previously mentioned, PAC files enable proxy settings on a per URL basis. This particular PAC file redirects traffic to the attacker's host (220.127.116.11) for a number of Brazilian sites and American Express. Below is a screenshot of the PAC file: