Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ialdnwxf] 'ImagePath' = '<ANALYSETOOLS_DIR>\LoadLib\superec.ProcessMemory.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\BackInC] 'ImagePath' = '<SYSTEM32>\BackInC.sys'
- <ANALYSETOOLS_DIR>\LoadLib\superec.ProcessMemory.sys
- <SYSTEM32>\BackInC.sys
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\4.tmp
- %TEMP%\5.tmp
- %TEMP%\6.tmp
- %TEMP%\7.tmp
- %TEMP%\8.tmp
- %TEMP%\9.tmp
- <SYSTEM32>\BackInC.sys
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\4.tmp
- %TEMP%\5.tmp
- %TEMP%\6.tmp
- %TEMP%\7.tmp
- %TEMP%\8.tmp
- %TEMP%\9.tmp