Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Hijklm] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Hijklm] 'ImagePath' = '%ProgramFiles%\Hijkl.exe'
- %ProgramFiles%\psupdatepackage.dll
- %ProgramFiles%\hijkl.exe
- 'localhost':8000
- '%ProgramFiles%\hijkl.exe'
- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\PsUpdatePackage.dll",?Base_W2U8@common@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z' (со скрытым окном)
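- '<SYSTEM32>\rundll32.exe' "%ProgramFiles%\PsUpdatePackage.dll",?Base_W2U8@common@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z (имя экспорта — декорированное имя MSVC C++, соответствует bool __cdecl common::Base_W2U8(const std::wstring &, std::string &))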