Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\HSUpdate] 'Start' = '00000002'
- <SYSTEM32>\sc.exe Create "HSUpdate" type= own type= interact start= auto binPath= "cmd.exe /c start "%WINDIR%\HSUpdate.exe"
- %WINDIR%\HSUpdate.exe
- %WINDIR%\ReadWriteProMem.sys
- %WINDIR%\HSUpdate.exe
- %WINDIR%\ReadWriteProMem.sys
- ClassName: 'Shell_TrayWnd' WindowName: ''