Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SuperETF Service TEM FUCKSD360] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SuperETF Service TEM FUCKSD360] 'ImagePath' = '%ProgramFiles(x86)%\<File name>.exe'
- <Current directory>\tem.vbs
- %ProgramFiles(x86)%\2-10.exe
- <Current directory>\tem.vbs
- from <Full path to file> to %ProgramFiles(x86)%\<File name>.exe
- '47.##2.209.152':8888
- '<LOCALNET>.33.26':0
- http://61.###.103.143:250/2-10.exe via 61.##7.103.143
- ClassName: '' WindowName: 'Microsoft Internet Explorer'
- '%WINDIR%\syswow64\wscript.exe' "<Current directory>\tem.vbs"