Technical Information
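- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = 'C:\Users\Public\Windows.exe' (autorun value under the per-user Run key: the named executable is started at each logon of that user, and writing it needs no administrator rights)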
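- %TEMP%\_mei7642\microsoft.vc90.crt.manifest (this and the following %TEMP%\_mei7642 entries, which include python27.dll, .pyd modules and the VC90 runtime, are consistent with a PyInstaller one-file executable unpacking itself into a _MEI<digits> temporary directory; the numeric suffix typically differs from run to run, so match on the pattern rather than on 7642)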
- %TEMP%\_mei7642\_ctypes.pyd
- %TEMP%\_mei7642\_hashlib.pyd
- %TEMP%\_mei7642\_socket.pyd
- %TEMP%\_mei7642\_ssl.pyd
- %TEMP%\_mei7642\bz2.pyd
- %TEMP%\_mei7642\msvcm90.dll
- %TEMP%\_mei7642\msvcp90.dll
- %TEMP%\_mei7642\msvcr90.dll
- %TEMP%\_mei7642\pyexpat.pyd
- %TEMP%\_mei7642\python27.dll
- %TEMP%\_mei7642\rs4.exe.manifest
- %TEMP%\_mei7642\select.pyd
- %TEMP%\_mei7642\unicodedata.pyd
- %TEMP%\_mei7642\certifi\cacert.pem
- C:\users\public\windows.exe
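- '3.###.143.41':21437 (IP address and port; the second octet is masked in this report, so the entry cannot be used as an exact-match indicator on its own)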
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Windows /t REG_SZ /d "C:\Users\Public\Windows.exe""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\_MEI7642\Note.txt"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Windows /t REG_SZ /d "C:\Users\Public\Windows.exe""
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\_MEI7642\Note.txt"
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Windows /t REG_SZ /d "C:\Users\Public\Windows.exe"