Technical Information
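- Registry autorun entry (per-user persistence): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%APPDATA%\Winodws Explorer.exe' (the "Winodws" misspelling is the sample's own and recurs in every path on this page, so match it as written)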
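- Files created under %TEMP%\_mei11122\ (the directory name together with python27.dll and the .pyd modules looks like a PyInstaller one-file bundle unpacking itself; the numeric suffix typically changes between runs, so match on the directory pattern and file set rather than on 11122):
- %TEMP%\_mei11122\microsoft.vc90.crt.manifest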
- %TEMP%\_mei11122\_hashlib.pyd
- %TEMP%\_mei11122\_socket.pyd
- %TEMP%\_mei11122\_ssl.pyd
- %TEMP%\_mei11122\backdoor.exe.manifest
- %TEMP%\_mei11122\bz2.pyd
- %TEMP%\_mei11122\msvcm90.dll
- %TEMP%\_mei11122\msvcp90.dll
- %TEMP%\_mei11122\msvcr90.dll
- %TEMP%\_mei11122\python27.dll
- %TEMP%\_mei11122\select.pyd
- %TEMP%\_mei11122\unicodedata.pyd
- %TEMP%\_mei11122\include\pyconfig.h
- %APPDATA%\winodws explorer.exe (same path as the target of the 'update' Run value, shown lowercased here)
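- Network endpoint: '<LOCALNET>.56.1':6969 (<LOCALNET> appears to be a placeholder for a local-network prefix, so the address likely reflects the analysis environment rather than a stable remote host; treat the port and the connecting process as the more portable part of this indicator)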
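- Processes started (the cmd.exe → reg.exe chain below is what writes the 'update' Run value; the first two entries are the same command, listed once with the hidden-window flag):
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Winodws Explorer.exe""' (with hidden window)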
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Winodws Explorer.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Winodws Explorer.exe"