Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'hasjdtbn' = '%HOMEPATH%\hasjdtbn.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'hasjdtbn' = '<SYSTEM32>\hasjdtbn.exe'
- '<SYSTEM32>\cmd.exe' del <Полный путь к файлу> >> NUL
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\hasjdtbn.exe
- <SYSTEM32>\hasjdtbn.exe
- '14#.#20.110.115':443
- '80.##.245.84':443
- '10#.#20.169.184':443
- '91.##7.198.93':443
- '89.##3.231.106':443
- '78.##.135.66':443
- '46.##.42.235':443
- '93.##0.137.27':443