Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Update' = '<Full path to file>'
- 'ms#####.#ranus.feralhosting.com':80
- 'ms#####.##taeus.feralhosting.com':80
- '18#.#5.48.68':80
- '18#.#5.48.68':443
- 'pa###bin.com':80
- 'pa###bin.com':443
- 'download.microsoft.com':443
- 'microsoft.com':80
- http://ms#####.#ranus.feralhosting.com/68fead277b52bdd8f1ca21cddcd3299
- http://ms#####.#ranus.feralhosting.com/217eb54cfc0fe64e8a5d802042506b443
- http://ms#####.##taeus.feralhosting.com/6e628c7bd6d34dc3c2a8ae7d0e5a9b
- http://ms#####.##taeus.feralhosting.com/c3cb5860f0dbf08b28efd5ab25ea95472e
- http://18#.#5.48.68/02ed55faea5d1d2b1490e78da30da107/5fc741325308c0e741e9509ed5d
- http://18#.#5.48.68/02ed55faea5d1d2b1490e78da30da107/fc324f595608bf3e9809c401917f9a6900977
- http://pa###bin.com/raw/h5yBCwpY
- http://pa###bin.com/raw/HNkipzLK
- http://pa###bin.com/raw/qdwMGvDS
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- '18#.#5.48.68':443
- 'pa###bin.com':443
- 'download.microsoft.com':443
- DNS ASK ms#####.#ranus.feralhosting.com
- DNS ASK ms#####.##taeus.feralhosting.com
- DNS ASK pa###bin.com
- DNS ASK download.microsoft.com
- DNS ASK microsoft.com