Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\hideproc] 'ImagePath' = '<DRIVERS>\hideproc.sys'
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- %TEMP%\hideproc.sys
- %WINDIR%\syswow64\drivers\hideproc.sys
- <LS_APPDATA>\temp1337steamlogin.exe
- %TEMP%\steam.exe
- %TEMP%\steam.exetemp.bat
- %TEMP%\steam.dll
- %TEMP%\steam.exetemp.txt
- C:\start
- %WINDIR%\syswow64\drivers\hideproc.sys
- %TEMP%\hideproc.sys
- %WINDIR%\syswow64\drivers\hideproc.sys
- ClassName: '18467-41', WindowName: ''
- '<LS_APPDATA>\temp1337steamlogin.exe'
- '%TEMP%\steam.exe' /start
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\steam.exetemp.bat" "' (со скрытым окном)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowWarningDialog "<Полный путь к файлу>"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\steam.exetemp.bat" "