HijackLoader Updates

ID: e47eaae5-22f9-5bb5-a7ea-dfd456489edd

STIX ID: report--e47eaae5-22f9-5bb5-a7ea-dfd456489edd

Feed Name: Zscaler Security Research Blog

Threat Score: 75/100

Date Published: 2025-12-30

Date Updated: 2026-05-01

...
...

This report provides a technical analysis of HijackLoader, a modular Windows loader that decrypts and decompresses embedded or downloaded PNG-steganographed modules in order to execute a second-stage 'ti' module, which performs process hollowing and injects the main instrumentation payload. It details the first- and second-stage logic, the hashing routines (SDBM, CRC-32) and XOR decryption, LZNT1 decompression, module names and hashes, anti-analysis and evasion techniques (Heaven's Gate, direct syscalls, UAC bypass, Defender exclusion), and observable indicators (process names, hashes, and a URL).