Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360Цч¶Ї·АУщ.exe' = '<SYSTEM32>\360Цч¶Ї·АУщ.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'cccopy30117' = '<SYSTEM32>\386.exe'
- <SYSTEM32>\PPTV(pplive)_forjieku_72790.exe
- <SYSTEM32>\386.exe
- <SYSTEM32>\PPTV(pplive)_forjieku_72790.exe (загружен из сети Интернет)
- <SYSTEM32>\PPTV(pplive)_forjieku_72790.exe
- <SYSTEM32>\360Цч¶Ї·АУщ.exe
- <SYSTEM32>\386.exe
- %HOMEPATH%\Desktop\XXOOФЪПЯј¤ЗйіЙИЛµзУ°.url
- 'www.cc##py.net':828
- 'u.##363.com':80
- u.##363.com/pplfjk/PPTV(pplive)_forjieku_72790.exe
- DNS ASK www.cc##py.net
- DNS ASK u.##363.com
- ClassName: 'PPLiveGUI' WindowName: 'PPTV???????? V3.1.3.0042 ????'