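Technical Information
The list below contains, in order, file-system paths, network endpoints (address:port pairs and one download URL), and process command lines; the section headings that separated these groups are missing here. Address digits shown as # are masked on this page.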
- %WINDIR%\runn\windowstask.exe
- %WINDIR%\runn\duilib_u.dll
- %WINDIR%\runn\sqlite3.dll
- %WINDIR%\runn\yloux.exe
- %WINDIR%\runn\1.bin
- %LOCALAPPDATA%\{9815a8e4-b086-40de-b87c-6b2b3e4df3f6}\windowstask.lnk
- %TEMP%\{423388ab-a436-4e71-aa70-53e2b149a4ea}.exe
- %TEMP%\{54add774-a925-4f37-aa6b-ab75ad748de9}
- %TEMP%\hi-013{427b70c7-2d44-4397-8727-bbe89b6fd840}\{93993ffd-d179-466d-b0d1-7c3ccc3ef920}.lnk
- %ALLUSERSPROFILE%\quickscreenshot\20231204\20231204163144.jpg
- %TEMP%\regworkshop.ini
- %ALLUSERSPROFILE%\quickscreenshot\20231204\20231204163244.jpg
- %TEMP%\hi-013{427b70c7-2d44-4397-8727-bbe89b6fd840}\{93993ffd-d179-466d-b0d1-7c3ccc3ef920}.lnk
- %TEMP%\{423388ab-a436-4e71-aa70-53e2b149a4ea}.exe
- %TEMP%\{54add774-a925-4f37-aa6b-ab75ad748de9}
- '38.##.101.113':80
- '38.##.205.234':52361
- '15#.#1.64.160':16630
- http://38.##.205.234:52361/MeWindows.exe via 38.##.205.234
- '15#.#1.64.160':16630
- '%WINDIR%\runn\yloux.exe'
- '%TEMP%\{423388ab-a436-4e71-aa70-53e2b149a4ea}.exe' /s "%TEMP%\\{54ADD774-A925-4f37-AA6B-AB75AD748DE9}"
- '%WINDIR%\runn\yloux.exe' (with hidden window)