Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\HaoTuKanKan_UpdateSvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\HaoTuKanKan_UpdateSvc] 'ImagePath' = '<SYSTEM32>\svchost.exe -k HaoTuKanKan_UpdateSvc'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\HaoTuKanKan_UpdateSvc\Parameters] 'ServiceDLL' = '<Полный путь к файлу>'
- [<HKLM>\System\CurrentControlSet\Services\HaoTuKanKan_UpdateSvc] 'Start' = '00000002'
- %PROGRAMDATA%\did\did.txt
- %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\62axopq5\updatechecker[1].ini
- http://www.ha###kankan.com/update/updatechecker.ini
- DNS ASK ha###kankan.com
- '%WINDIR%\syswow64\svchost.exe' -k HaoTuKanKan_UpdateSvc