Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%APPDATA%\Windows Explorer.exe'
- %TEMP%\_mei13882\_ctypes.pyd
- %TEMP%\_mei13882\_hashlib.pyd
- %TEMP%\_mei13882\_socket.pyd
- %TEMP%\_mei13882\_ssl.pyd
- %TEMP%\_mei13882\bz2.pyd
- %TEMP%\_mei13882\python27.dll
- %TEMP%\_mei13882\select.pyd
- %TEMP%\_mei13882\unicodedata.pyd
- %TEMP%\_mei13882\zlogger.exe.manifest
- %TEMP%\_mei13882\include\pyconfig.h
- %TEMP%\_mei13882\lab.pdf
- %APPDATA%\windows explorer.exe
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\_mei13882\lab.pdf"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Windows Explorer.exe""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\_mei13882\lab.pdf"
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Windows Explorer.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Windows Explorer.exe"
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%TEMP%\_mei13882\lab.pdf"