Technical Information
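- Autorun entry (registry Run key): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'service' = '%WINDIR%\Temp\ImageVeiwer.exe' (the file name is spelled "ImageVeiwer" as recorded here; match on this spelling)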
- %TEMP%\_mei22322\microsoft.vc90.crt.manifest
- %TEMP%\_mei22322\include\pyconfig.h
- %TEMP%\_mei22322\win32pipe.pyd
- %TEMP%\_mei22322\win32pdh.pyd
- %TEMP%\_mei22322\select.pyd
- %TEMP%\_mei22322\pywintypes27.dll
- %TEMP%\_mei22322\python27.dll
- %TEMP%\_mei22322\pyexpat.pyd
- %WINDIR%\temp\imageveiwer.exe
- %TEMP%\_mei22322\msvcr90.dll
- %TEMP%\_mei22322\msvcm90.dll
- %TEMP%\_mei22322\ma.exe.manifest
- %TEMP%\_mei22322\bz2.pyd
- %TEMP%\_mei22322\_ssl.pyd
- %TEMP%\_mei22322\_socket.pyd
- %TEMP%\_mei22322\_elementtree.pyd
- %TEMP%\_mei22322\_ctypes.pyd
- %TEMP%\_mei22322\msvcp90.dll
- %WINDIR%\temp\image.png
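- http://18#.#03.116.4service.html (address as given: partially masked with '#', and the separator between host and path appears to be missing)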
- '<SYSTEM32>\cmd.exe' /c "%WINDIR%\Temp\image.PNG" (with hidden window)
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "service" /t REG_SZ /f /d "%WINDIR%\Temp\ImageVeiwer.exe"
- '<SYSTEM32>\cmd.exe' /c "%WINDIR%\Temp\image.PNG"