Technical Information
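Autorun (persistence) entry in the per-user Run key, which starts the listed executable at user logon:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] ' --_fbe' = '"%HOMEPATH%\--_fbe\ --_fbe.exe"'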
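File-system paths in the sample's working directory (the original sub-headings were lost in extraction, so the operation applied to each path is not shown; a path listed twice most likely belonged to two different sub-sections):
- %HOMEPATH%\--_fbe\bit781c.tmp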
- %HOMEPATH%\--_fbe\libeay32.dll
- %HOMEPATH%\--_fbe\ssleay32.dll
- %HOMEPATH%\--_fbe\dbghelp.dll
- %HOMEPATH%\--_fbe\dump.dmp
- %HOMEPATH%\--_fbe\dump2.dmp
- %HOMEPATH%\--_fbe\borlndmm.dll
- %HOMEPATH%\--_fbe\bit781c.tmp
- %HOMEPATH%\--_fbe\ --_fbe.zip
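Files moved or renamed (dump2.dmp ends up as the .exe that the Run value points to, so the executable is first written under a non-executable extension):
- from %HOMEPATH%\--_fbe\bit781c.tmp to %HOMEPATH%\--_fbe\ --_fbe.zip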
- from %HOMEPATH%\--_fbe\dump.dmp to %HOMEPATH%\--_fbe\ --_fbe.dmp
- from %HOMEPATH%\--_fbe\dump2.dmp to %HOMEPATH%\--_fbe\ --_fbe.exe
Network connections, given as host:port (host names are partially masked with # in the source):
- 'xc########.s3-eu-west-1.amazonaws.com':443
- 'lo####zaip.com.br':443
DNS queries:
- DNS ASK xc########.s3-eu-west-1.amazonaws.com
- DNS ASK lo####zaip.com.br
- DNS ASK go##e.com
- ClassName: '' WindowName: ''
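Processes and command lines (sub-heading lost in extraction; each cmd.exe entry echoes a single character taken from an environment variable named charpool by substring expansion):
- '%HOMEPATH%\--_fbe\ --_fbe.exe'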
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~15,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~11,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~14,1%
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'