Technical information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'huigezi' = '<SYSTEM32>\HgzServer.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices] 'huigezi' = '<SYSTEM32>\HgzServer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'huigezi' = '<SYSTEM32>\HgzServer.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '<SYSTEM32>\HgzServer.exe'
- %WINDIR%\syswow64\hgzserver.exe
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\syswow64\hgzserver.exe' /HuiFSetup
- '%WINDIR%\syswow64\hgzserver.exe' /HuiFSetup' (with a hidden window)