Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SuperProServer] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\SuperProServer] 'ImagePath' = '%ProgramFiles(x86)%\Terms.EXE.exe'
- 'SuperProServer' %ProgramFiles(x86)%\Terms.EXE.exe
- %ProgramFiles(x86)%\axm63\自动挂机.exe
- %ProgramFiles(x86)%\axm63\crackcaptchaapi.dll
- %ProgramFiles(x86)%\axm63\hprose.dll
- %ProgramFiles(x86)%\axm63\htmlagilitypack.dll
- %ProgramFiles(x86)%\axm63\newtonsoft.json.dll
- %ProgramFiles(x86)%\axm63\sb360.exe
- %ProgramFiles(x86)%\axm63\sharpzip.dll
- %ProgramFiles(x86)%\axm63\smartthreadpool.dll
- %ProgramFiles(x86)%\axm63\task.exe.config
- %ProgramFiles(x86)%\axm63\uuwisehelper.dll
- %ProgramFiles(x86)%\axm63\挂机.exe
- %ProgramFiles(x86)%\terms.exe.exe
- 'lt##66.com':80
- DNS ASK lt##66.com
- ClassName: 'EDIT' WindowName: ''
- '%ProgramFiles(x86)%\axm63\自动挂机.exe'
- '%ProgramFiles(x86)%\axm63\sb360.exe'
- '%ProgramFiles(x86)%\terms.exe.exe'