Technical Information
- %TEMP%\_mei6402\rat.exe.manifest
- %TEMP%\_mei6402\win32gui.pyd
- %TEMP%\_mei6402\win32api.pyd
- %TEMP%\_mei6402\unicodedata.pyd
- %TEMP%\_mei6402\select.pyd
- %TEMP%\_mei6402\pywintypes37.dll
- %TEMP%\_mei6402\python37.dll
- %TEMP%\_mei6402\pyexpat.pyd
- %TEMP%\_mei6402\libssl-1_1.dll
- %TEMP%\_mei6402\libcrypto-1_1.dll
- %TEMP%\_mei6402\_ssl.pyd
- %TEMP%\_mei6402\_socket.pyd
- %TEMP%\_mei6402\_queue.pyd
- %TEMP%\_mei6402\_pytransform.dll
- %TEMP%\_mei6402\_portaudio.cp37-win_amd64.pyd
- %TEMP%\_mei6402\_lzma.pyd
- %TEMP%\_mei6402\_hashlib.pyd
- %TEMP%\_mei6402\_ctypes.pyd
- %TEMP%\_mei6402\_bz2.pyd
- %TEMP%\_mei6402\vcruntime140.dll
- %TEMP%\_mei6402\base_library.zip
- %TEMP%\_mei6402\certifi\cacert.pem
- http://ip##pi.com/json/
- DNS ASK ip##pi.com
- DNS ASK ap#.##legram.org
- '<SYSTEM32>\cmd.exe' /c "chcp 65001 && ipconfig | findstr /i "Default Gateway"" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "chcp 65001 && ipconfig | findstr /i "Default Gateway""
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\ipconfig.exe'
- '<SYSTEM32>\findstr.exe' /i "Default Gateway"