Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\HanbiroRemoteControl_Service] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- [<HKLM>\System\CurrentControlSet\Services\HanbiroRemoteControl_Service] 'ImagePath' = '"%TEMP%\HanbiroRemoteControl\hanremote.exe" -service' (исполняемый файл службы находится в каталоге %TEMP%, доступном пользователю для записи)
- %TEMP%\nsk36b3.tmp\nsprocess.dll
- %TEMP%\hanbiroremotecontrol\hanremote.exe
- %TEMP%\hanbiroremotecontrol\remotecontrol.exe
- %TEMP%\hanbiroremotecontrol\set.ini
- %TEMP%\hanbiroremotecontrol\vnchooks.dll
- %TEMP%\hanbiroremotecontrol\set.xml
- %TEMP%\hanbiroremotecontrol\libjpeg-turbo-winv11.dll
- %TEMP%\nsk36b3.tmp\nsexec.dll
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020030120200302\index.dat
- http://www.ha##iro.com/remotecontrol/benner.htm
- http://www.ha##iro.com/remotecontrol/img/banner.jpg
- DNS ASK ha##iro.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\hanbiroremotecontrol\remotecontrol.exe' /icon
- '%TEMP%\hanbiroremotecontrol\hanremote.exe' hanbiro-vnc -install
- '%TEMP%\hanbiroremotecontrol\hanremote.exe' -service
- '%TEMP%\hanbiroremotecontrol\hanremote.exe' -service_run
- '%TEMP%\hanbiroremotecontrol\remotecontrol.exe' /icon (со скрытым окном)
- '%WINDIR%\syswow64\net.exe' start "HanbiroRemoteControl_Service" (со скрытым окном)
- '%WINDIR%\syswow64\net.exe' start "HanbiroRemoteControl_Service"
- '%WINDIR%\syswow64\net1.exe' start "HanbiroRemoteControl_Service"