Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%APPDATA%\Windows Explorer.exe'
- %TEMP%\_mei23042\backdoor.exe.manifest
- %TEMP%\_mei23042\vcruntime140.dll
- %TEMP%\_mei23042\_bz2.pyd
- %TEMP%\_mei23042\_hashlib.pyd
- %TEMP%\_mei23042\_lzma.pyd
- %TEMP%\_mei23042\_socket.pyd
- %TEMP%\_mei23042\_ssl.pyd
- %TEMP%\_mei23042\libcrypto-1_1-x64.dll
- %TEMP%\_mei23042\libssl-1_1-x64.dll
- %TEMP%\_mei23042\pyexpat.pyd
- %TEMP%\_mei23042\python37.dll
- %TEMP%\_mei23042\select.pyd
- %TEMP%\_mei23042\tinyaes.cp37-win_amd64.pyd
- %TEMP%\_mei23042\unicodedata.pyd
- %TEMP%\_mei23042\base_library.zip
- %APPDATA%\windows explorer.exe
- '17#.20.10.7':8080
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Windows Explorer.exe""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Windows Explorer.exe""
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "%APPDATA%\Windows Explorer.exe"