Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SuperProServer] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SuperProServer] 'ImagePath' = '%WINDIR%\Terms.EXE'
- 'SuperProServer' %WINDIR%\Terms.EXE
- %WINDIR%\terms.exe
- C:\7106.vbs
- C:\7106.vbs
- DNS ASK a8#####004.f3322.org
- '%WINDIR%\terms.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\7106.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\7106.vbs"' (with hidden window)