Technical Information
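- Persistence: sets an autorun value under the current user's Run key, so the dropped executable starts at each logon of that user: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windowsx64' = '%APPDATA%\windowsx64.exe'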
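- Files created (the %TEMP%\_mei7322 directory holding python27.dll and .pyd modules is consistent with a PyInstaller-style one-file Python 2.7 bundle unpacking itself; the numeric suffix typically differs between executions, so it is a weak indicator on its own):
- %TEMP%\_mei7322\microsoft.vc90.crt.manifest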
- %TEMP%\_mei7322\_ctypes.pyd
- %TEMP%\_mei7322\_hashlib.pyd
- %TEMP%\_mei7322\_socket.pyd
- %TEMP%\_mei7322\_ssl.pyd
- %TEMP%\_mei7322\bolod1.exe.manifest
- %TEMP%\_mei7322\bz2.pyd
- %TEMP%\_mei7322\msvcm90.dll
- %TEMP%\_mei7322\msvcp90.dll
- %TEMP%\_mei7322\msvcr90.dll
- %TEMP%\_mei7322\python27.dll
- %TEMP%\_mei7322\select.pyd
- %TEMP%\_mei7322\unicodedata.pyd
- %TEMP%\_mei7322\include\pyconfig.h
- %APPDATA%\windowsx64.exe
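- Network endpoint recorded for the sample (the '#' characters mask digits of the IP address as published): '19#.#61.193.99':21923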
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Windowsx64 /t REG_SZ /d "%APPDATA%\windowsx64.exe"" (launched with a hidden window)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Windowsx64 /t REG_SZ /d "%APPDATA%\windowsx64.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Windowsx64 /t REG_SZ /d "%APPDATA%\windowsx64.exe"