Technical Information
- [<HKLM>\System\CurrentControlSet\Services\ialdnwxf] 'ImagePath' = '<Current directory>\superec.ProcessMemory.sys'
- 'ialdnwxf' <Current directory>\\superec.ProcessMemory.sys
- 'ialdnwxf' <Current directory>\superec.ProcessMemory.sys
- <Current directory>\superec.processmemory.sys
- %WINDIR%\temp\udd3d4d.tmp
- C:\日常插件配置\自动65\dm.dll
- C:\日常插件配置\自动65\自动651.dll
- C:\日常插件配置\自动65\自动652.dll
- %WINDIR%\temp\udd3d4d.tmp
- <Current directory>\superec.processmemory.sys
- 'qq#####rfs.lofter.com':80
- DNS ASK qq#####rfs.lofter.com
- '%WINDIR%\syswow64\regsvr32.exe' C:\日常插件配置\自动65\dm.dll -s' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' C:\日常插件配置\自动65\dm.dll -s