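Техническая информация
Ниже перечислены индикаторы из отчёта: пути к файлам, сетевые адреса и порты, класс окна и командные строки запускаемых процессов. Подзаголовки разделов в этом фрагменте, по-видимому, утрачены, поэтому часть записей повторяется. Часть цифр в IP-адресах скрыта символами «##» уже в исходном тексте, то есть адреса приведены не полностью и не годятся для точного сопоставления.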
- %ALLUSERSPROFILE%\babyiloveyou\windowstask.exe
- %ALLUSERSPROFILE%\babyiloveyou\duilib_u.dll
- %ALLUSERSPROFILE%\babyiloveyou\sqlite3.dll
- %ALLUSERSPROFILE%\babyiloveyou\local.exe
- %LOCALAPPDATA%\{9e5e178c-4870-45de-a7ea-da8a99ce5c86}\windowstask.lnk
- %TEMP%\{ca566df1-f22f-42ed-8490-d816903f07a4}.exe
- %TEMP%\{341294fa-58db-4eb1-b411-2173a51c01e8}
- %TEMP%\hi-013{c8aa1d9c-edac-4332-a5be-2ca45df7fa0a}\{0de30cf0-3551-4b08-a862-e1932fb22ab6}.lnk
- %TEMP%\regworkshop.ini
- %TEMP%\hi-013{c8aa1d9c-edac-4332-a5be-2ca45df7fa0a}\{0de30cf0-3551-4b08-a862-e1932fb22ab6}.lnk
- %TEMP%\{ca566df1-f22f-42ed-8490-d816903f07a4}.exe
- %TEMP%\{341294fa-58db-4eb1-b411-2173a51c01e8}
- '38.##.104.136':21
- '38.##.104.136':52736
- '38.##.206.23':26314
- '38.##.104.136':52739
- '27.##4.45.213':2023
- http://38.##.206.23:26314/32wdqdqds.exe via 38.##.206.23
- '38.##.104.136':21
- '27.##4.45.213':2023
- 'localhost':2022
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%ALLUSERSPROFILE%\babyiloveyou\local.exe'
- '%TEMP%\{ca566df1-f22f-42ed-8490-d816903f07a4}.exe' /s "%TEMP%\\{341294FA-58DB-4eb1-B411-2173A51C01E8}"