Technical Information
Registry autorun entry (HKLM Run key; the value starts FMC_WD.exe at every user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FMC' = '<LS_APPDATA>\FMC\FMC_WD.exe'
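Executables launched (inferred from the quoted command-line form shared with the taskkill entries):
- '<LS_APPDATA>\FMC\FMC_WD.exe'
- '<LS_APPDATA>\FMC\FMC_Upload.exe'
- '<LS_APPDATA>\FMC\FMC_Capture.exe'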
Commands that force-terminate the FMC processes by image name (taskkill /im <name> /f):
- '<SYSTEM32>\taskkill.exe' /im FMC_WD.exe /f
- '<SYSTEM32>\taskkill.exe' /im FMC_Capture.exe /f
- '<SYSTEM32>\taskkill.exe' /im FMC_Upload.exe /f
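Files in the FMC folder (libeay32.dll and ssleay32.dll are the file names used by the OpenSSL libraries):
- <LS_APPDATA>\FMC\libeay32.dll
- <LS_APPDATA>\FMC\ssleay32.dll
- <LS_APPDATA>\FMC\FMC_Capture.exe
- <LS_APPDATA>\FMC\FMC_Upload.exe
- <LS_APPDATA>\FMC\FMC_WD.exe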
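Network endpoints, all on the local host (139 = NetBIOS session service, 445 = SMB, 1433 = Microsoft SQL Server default port):
- 'localhost':139
- 'localhost':445
- 'localhost':1433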
Window lookups by class name and window name (empty strings as listed):
- ClassName: '' WindowName: 'FMC_Capture'
- ClassName: '' WindowName: ''