Техническая информация
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinIdle' = '<Полный путь к файлу>'
- 'ms#####.#ion.feralhosting.com':80
- 'ms#####.#allas.feralhosting.com':80
- '18#.#5.48.68':80
- '18#.#5.48.68':443
- 'pa###bin.com':80
- 'pa###bin.com':443
- http://ms#####.#ion.feralhosting.com/3753f9ba56bb6017239d22387fc53035
- http://ms#####.#ion.feralhosting.com/4a8774400e6d2e209109d021a74e2d3c
- http://ms#####.#allas.feralhosting.com/034220e27f40d14d8012c43e0cf0e841
- http://ms#####.#allas.feralhosting.com/b9e6dd4de7f79fa37836774d2474253c
- http://18#.#5.48.68/02ed55faea5d1d2b1490e78da30da107/5fc741325308c0e741e9509ed5d
- http://18#.#5.48.68/02ed55faea5d1d2b1490e78da30da107/fc324f595608bf3e9809c401917f9a6900977
- http://pa###bin.com/raw/h5yBCwpY
- http://pa###bin.com/raw/HNkipzLK
- http://pa###bin.com/raw/qdwMGvDS
- http://pa###bin.com/raw/Vf81BwHn
- http://pa###bin.com/raw/Z3mcNqjz
- http://pa###bin.com/raw/u66uXYRh
- '18#.#5.48.68':443
- 'pa###bin.com':443
- DNS ASK ms#####.#ion.feralhosting.com
- DNS ASK ms#####.#allas.feralhosting.com
- DNS ASK pa###bin.com