Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftWindowsSearchClient' = '<SYSTEM32>\Microsoft Windows Search Client.exe'
- %TEMP%\_mei1922\microsoft.vc90.crt.manifest
- %TEMP%\_mei1922\_ctypes.pyd
- %TEMP%\_mei1922\_hashlib.pyd
- %TEMP%\_mei1922\_socket.pyd
- %TEMP%\_mei1922\_ssl.pyd
- %TEMP%\_mei1922\bz2.pyd
- %TEMP%\_mei1922\custom_keylogger.exe.manifest
- %TEMP%\_mei1922\msvcm90.dll
- %TEMP%\_mei1922\msvcp90.dll
- %TEMP%\_mei1922\msvcr90.dll
- %TEMP%\_mei1922\python27.dll
- %TEMP%\_mei1922\select.pyd
- %TEMP%\_mei1922\unicodedata.pyd
- <SYSTEM32>\microsoft windows search client.exe
- '<LOCALNET>.1.20':445
- '<LOCALNET>.1.20':139
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v MicrosoftWindowsSearchClient /t REG_SZ /d "<SYSTEM32>\Microsoft Windows Search Client.exe""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v MicrosoftWindowsSearchClient /t REG_SZ /d "<SYSTEM32>\Microsoft Windows Search Client.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v MicrosoftWindowsSearchClient /t REG_SZ /d "<SYSTEM32>\Microsoft Windows Search Client.exe"