Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hanta_ransom' = '"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\HANTA.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\hanta.exe
- 'wf#####bhdxgb.ueuo.com':80
- 'pe##m.ga':443
- DNS ASK wf#####bhdxgb.ueuo.com
- DNS ASK pe##m.ga