Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Classes\KmMediaPlayer\shell\open\command] '' = '"%PROGRAM_FILES%\pipi\PIPIPlayer.exe" "%L"'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '%PROGRAM_FILES%\Coopen\Coopen.scr'
Создает или изменяет следующие файлы:
- %HOMEPATH%\Start Menu\Programs\Startup\CoopenІҐ·ЕЖч.lnk
Вредоносные функции:
Создает и запускает на исполнение:
- '%TEMP%\is-7FM3A.tmp\pipi_setup_476.tmp' /SL5="$300E2,5624161,71168,%PROGRAM_FILES%\winrar32\pipi_setup_476.exe" /verysilent
- '%PROGRAM_FILES%\pipi\PIPIPlayer.exe'
- '%PROGRAM_FILES%\winrar32\pipi_setup_476.exe' /verysilent
- '%PROGRAM_FILES%\winrar32\coopen_setup_100180.exe'
- '%PROGRAM_FILES%\winrar32\pipi_dae_476.exe'
Запускает на исполнение:
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\pipi\JfCheck.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\pipi\MCCKMPlayerX.dll"
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\winrar32\20150118484.jse"
- '<SYSTEM32>\cmd.exe' /c c:\170704062.bat
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\pipi\codec\rm\is-BSG8A.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-JOIE7.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-J01O2.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-88995.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-SMF91.tmp
- %PROGRAM_FILES%\pipi\codec\is-P2FRF.tmp
- %PROGRAM_FILES%\pipi\is-BDJ14.tmp
- %PROGRAM_FILES%\pipi\is-2QVNM.tmp
- %PROGRAM_FILES%\pipi\is-N813K.tmp
- %PROGRAM_FILES%\pipi\codec\is-27JH5.tmp
- %PROGRAM_FILES%\pipi\codec\is-BQJGB.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-H21N0.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-8LKP0.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-6HDT4.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-9TKIT.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-BDCD1.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-2D0D8.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-KG2N6.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-UT31U.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-272VL.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-98LSV.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-JOM15.tmp
- %PROGRAM_FILES%\pipi\is-4GKHH.tmp
- %HOMEPATH%\Start Menu\Programs\Coopen\CoopenІҐ·ЕЖч.lnk
- %PROGRAM_FILES%\pipi\is-SLOPH.tmp
- %PROGRAM_FILES%\pipi\is-5G9SH.tmp
- %PROGRAM_FILES%\pipi\is-2RQHQ.tmp
- %PROGRAM_FILES%\pipi\is-8NATC.tmp
- %PROGRAM_FILES%\pipi\is-5FJ1T.tmp
- %PROGRAM_FILES%\pipi\is-PKO8T.tmp
- %PROGRAM_FILES%\pipi\is-TQJT9.tmp
- %PROGRAM_FILES%\pipi\is-MJNHP.tmp
- %PROGRAM_FILES%\pipi\is-6G6TA.tmp
- %PROGRAM_FILES%\pipi\is-3D9KU.tmp
- %PROGRAM_FILES%\pipi\is-NO7QA.tmp
- %PROGRAM_FILES%\pipi\is-T8H8B.tmp
- %PROGRAM_FILES%\pipi\is-VOVU8.tmp
- %PROGRAM_FILES%\pipi\is-D0NGK.tmp
- %PROGRAM_FILES%\pipi\is-V24GE.tmp
- %PROGRAM_FILES%\pipi\is-4FTIA.tmp
- %PROGRAM_FILES%\pipi\is-GUV89.tmp
- %PROGRAM_FILES%\pipi\is-01UGO.tmp
- %PROGRAM_FILES%\pipi\is-EDV3A.tmp
- %PROGRAM_FILES%\pipi\is-52Q64.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-B3JVD.tmp
- %HOMEPATH%\Desktop\PIPI Player.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\Uninstall PIPI.lnk
- %PROGRAM_FILES%\pipi\config\skin.ini
- <SYSTEM32>\pncrt.dll
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\PIPI Player.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\88488 Web Directory.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\PIPI WebPlayer.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\Media File Association.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\Online Shopping.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\FAQ on the web.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\PIPI on the web.lnk
- %PROGRAM_FILES%\pipi\config\player.stat
- <SYSTEM32>\smss.exe:1998166001.jse
- <SYSTEM32>\config\mcckmplayervod.ini
- %TEMP%\jfcheck.conf.new
- %PROGRAM_FILES%\pipi\config\pfplayertemp.ini
- %WINDIR%\explorer.exe:1998166001.jse
- %PROGRAM_FILES%\pipi\unins000.dat
- %PROGRAM_FILES%\pipi\jfCacheMgr.url
- %PROGRAM_FILES%\pipi\config\partner.ini
- %PROGRAM_FILES%\pipi\config\mcckmplayervod.ini
- %PROGRAM_FILES%\pipi\config\config.ini
- %PROGRAM_FILES%\pipi\config\is-0J7UU.tmp
- %PROGRAM_FILES%\pipi\config\is-2OGJ6.tmp
- %PROGRAM_FILES%\Coopen\uninst.exe
- %PROGRAM_FILES%\pipi\config\is-GKME3.tmp
- %PROGRAM_FILES%\pipi\config\is-5QKTU.tmp
- %PROGRAM_FILES%\pipi\config\is-01VOM.tmp
- %PROGRAM_FILES%\pipi\config\is-DTLT9.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-M09A5.tmp
- %PROGRAM_FILES%\pipi\config\is-VS6F1.tmp
- %PROGRAM_FILES%\pipi\config\is-9ETFR.tmp
- %PROGRAM_FILES%\pipi\config\is-58P34.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-JENLQ.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-GJ4UI.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-GHL68.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\PIPI\PIPI Player.lnk
- %HOMEPATH%\Desktop\Coopen.lnk
- %PROGRAM_FILES%\pipi\config\is-MI606.tmp
- %PROGRAM_FILES%\pipi\config\is-3T994.tmp
- %PROGRAM_FILES%\Coopen\conf\All Users.ini
- %PROGRAM_FILES%\Coopen\conf\%USERNAME%.ini
- %PROGRAM_FILES%\pipi\config\is-D0D85.tmp
- %PROGRAM_FILES%\pipi\config\is-FQ83J.tmp
- %PROGRAM_FILES%\pipi\is-QAD8U.tmp
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Channel.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Background.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Close.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Next.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Commit.png
- %PROGRAM_FILES%\Coopen\Templete\CoopenPhoto.jpg
- %PROGRAM_FILES%\Coopen\Templete\ModeC.tpl
- %PROGRAM_FILES%\Coopen\licence.txt
- %TEMP%\is-7FM3A.tmp\pipi_setup_476.tmp
- %PROGRAM_FILES%\Coopen\Templete\ModeB_logo.jpg
- %PROGRAM_FILES%\Coopen\Templete\ModeB.tpl
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Indicator2.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Indicator1.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\MainIcon.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Notify.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Message.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\CheckU.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Play.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Pause.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Prev.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\CheckC.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Button_Widget.png
- %PROGRAM_FILES%\winrar32\pipi_dae_476.exe
- %TEMP%\nsz2.tmp
- %TEMP%\nsj3.tmp\System.dll
- %TEMP%\nsj3.tmp\KillProcDLL.dll
- C:\CCPMachineInfo.dll
- %PROGRAM_FILES%\winrar32\20150118484.jse
- %PROGRAM_FILES%\winrar32\coopen_setup_100180.exe
- C:\7ACCBF2E.log
- <SYSTEM32>\fswf.ico
- %PROGRAM_FILES%\winrar32\winrar32.jse
- <SYSTEM32>\tbao.ico
- %TEMP%\nsj3.tmp\install.bmp
- %PROGRAM_FILES%\Coopen\conf\PluginConfig.ini
- %PROGRAM_FILES%\Coopen\CoopenAir.exe
- %PROGRAM_FILES%\Coopen\CoopenActiveControl109.dll
- %PROGRAM_FILES%\Coopen\CoopenMainManager.dll
- %PROGRAM_FILES%\Coopen\conf\ChannelListReal.txt
- %WINDIR%\msconfig.jse
- %WINDIR%\7E3924EC.dll
- C:\170704062.bat
- %PROGRAM_FILES%\Coopen\Coopen.exe
- %PROGRAM_FILES%\winrar32\pipi_setup_476.exe
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Progress.png
- %TEMP%\is-NA17I.tmp\setupwelcome.bmp
- %TEMP%\is-NA17I.tmp\topWizardSmallImageFile.jpg
- %TEMP%\is-NA17I.tmp\google_logo.bmp
- %TEMP%\is-NA17I.tmp\wizard_recommand.bmp
- %TEMP%\is-NA17I.tmp\baidu_logo.bmp
- %TEMP%\is-NA17I.tmp\wizard_recommand.jpg
- %TEMP%\is-NA17I.tmp\google_logo.jpg
- %PROGRAM_FILES%\Coopen\image\Photo\local Photo\B_0.jpg
- %TEMP%\is-NA17I.tmp\baidu_logo.jpg
- %PROGRAM_FILES%\Coopen\image\Photo\local Photo\ModeBList.ini
- %PROGRAM_FILES%\Coopen\image\Photo\local Photo\B_1.jpg
- %PROGRAM_FILES%\pipi\is-L0VRL.tmp
- %PROGRAM_FILES%\pipi\is-B1B9B.tmp
- %PROGRAM_FILES%\pipi\is-3L8JD.tmp
- %PROGRAM_FILES%\pipi\is-EMMDQ.tmp
- %PROGRAM_FILES%\pipi\is-UD5NE.tmp
- %PROGRAM_FILES%\pipi\is-QJTV4.tmp
- %PROGRAM_FILES%\pipi\is-O7OE9.tmp
- %TEMP%\is-NA17I.tmp\topWizardSmallImageFile.bmp
- %PROGRAM_FILES%\pipi\is-FB9Q5.tmp
- %PROGRAM_FILES%\pipi\is-TDVHH.tmp
- %PROGRAM_FILES%\pipi\is-APR8L.tmp
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\RadioU.png
- %TEMP%\is-NA17I.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Synopsis1.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\SkinClose.ini
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\SkinClient.ini
- %TEMP%\is-NA17I.tmp\_isetup\_RegDLL.tmp
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Push_Config.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Push_Cancel.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Push_Confirm.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\RadioC.png
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Push_Folder.png
- %PROGRAM_FILES%\Coopen\image\Wallpaper\local wallpaper\ModeAList.ini
- %TEMP%\is-NA17I.tmp\gtapi_signed.dll
- %PROGRAM_FILES%\Coopen\image\Wallpaper\coopen wallpaper\DefaultCoopenWallpaper.jpg
- %TEMP%\is-NA17I.tmp\setupwelcome.jpg
- %PROGRAM_FILES%\Coopen\image\Wallpaper\coopen wallpaper\PicList.ini
- %PROGRAM_FILES%\Coopen\image\Wallpaper\local wallpaper\DefaultCoopenWallpaper.jpg
- %PROGRAM_FILES%\Coopen\Resource\SkinFormal\Synopsis1.ini
- %TEMP%\is-NA17I.tmp\jpg2bmp.dll
- %PROGRAM_FILES%\Coopen\Templete\DefaultCoopenWallpaper.jpg
- %PROGRAM_FILES%\Coopen\Coopen.scr
- %TEMP%\is-NA17I.tmp\PIPIRecommend.dll
Присваивает атрибут 'скрытый' для следующих файлов:
- %WINDIR%\system\SVCHOST.EXE
- %PROGRAM_FILES%\winrar32\20150118484.jse
- %PROGRAM_FILES%\winrar32\winrar32.jse
Удаляет следующие файлы:
- %TEMP%\nsj3.tmp\System.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\jfcheck[1].conf
- %TEMP%\nsj3.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\pipi\jfCacheMgr.exe
- %TEMP%\nsj3.tmp\install.bmp
Перемещает следующие файлы:
- %PROGRAM_FILES%\pipi\codec\rm\is-2D0D8.tmp в %PROGRAM_FILES%\pipi\codec\rm\pncrt.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-8LKP0.tmp в %PROGRAM_FILES%\pipi\codec\rm\raac.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-JOM15.tmp в %PROGRAM_FILES%\pipi\codec\rm\drvc.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-98LSV.tmp в %PROGRAM_FILES%\pipi\codec\rm\hxltcolor.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-H21N0.tmp в %PROGRAM_FILES%\pipi\codec\rm\ralf.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-9TKIT.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv30.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-B3JVD.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv40.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-6HDT4.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv10.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-BDCD1.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv20.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-BSG8A.tmp в %PROGRAM_FILES%\pipi\codec\rm\28_83260.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-J01O2.tmp в %PROGRAM_FILES%\pipi\codec\rm\atrc.dll
- %PROGRAM_FILES%\pipi\codec\is-P2FRF.tmp в %PROGRAM_FILES%\pipi\codec\MPCVideoDec.ax
- %PROGRAM_FILES%\pipi\codec\rm\is-JOIE7.tmp в %PROGRAM_FILES%\pipi\codec\rm\14_43260.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-SMF91.tmp в %PROGRAM_FILES%\pipi\codec\rm\cook.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-KG2N6.tmp в %PROGRAM_FILES%\pipi\codec\rm\drv1.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-272VL.tmp в %PROGRAM_FILES%\pipi\codec\rm\drv2.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-88995.tmp в %PROGRAM_FILES%\pipi\codec\rm\ddnt3260.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-UT31U.tmp в %PROGRAM_FILES%\pipi\codec\rm\dnet3260.dll
- %PROGRAM_FILES%\pipi\config\is-FQ83J.tmp в %PROGRAM_FILES%\pipi\config\tab2_down.bmp
- %PROGRAM_FILES%\pipi\config\is-D0D85.tmp в %PROGRAM_FILES%\pipi\config\tab2_norm.bmp
- %PROGRAM_FILES%\pipi\config\is-GKME3.tmp в %PROGRAM_FILES%\pipi\config\enumwindow.ini
- %PROGRAM_FILES%\pipi\config\is-3T994.tmp в %PROGRAM_FILES%\pipi\config\partner.ini
- %PROGRAM_FILES%\pipi\config\is-MI606.tmp в %PROGRAM_FILES%\pipi\config\tab2_over.bmp
- %PROGRAM_FILES%\pipi\Plugins\is-GHL68.tmp в %PROGRAM_FILES%\pipi\Plugins\KmUdx.dll
- %TEMP%\jfcheck.conf.new в %APPDATA%\PIPI\jfcheck.conf
- %PROGRAM_FILES%\pipi\Plugins\is-GJ4UI.tmp в %PROGRAM_FILES%\pipi\Plugins\KmHashFile.dll
- %PROGRAM_FILES%\pipi\Plugins\is-JENLQ.tmp в %PROGRAM_FILES%\pipi\Plugins\KmTransmit.dll
- %PROGRAM_FILES%\pipi\config\is-VS6F1.tmp в %PROGRAM_FILES%\pipi\config\acl.cnc.conf
- %PROGRAM_FILES%\pipi\config\is-58P34.tmp в %PROGRAM_FILES%\pipi\config\acl.crtc.conf
- %PROGRAM_FILES%\pipi\codec\rm\is-M09A5.tmp в %PROGRAM_FILES%\pipi\codec\rm\sipr.dll
- %PROGRAM_FILES%\pipi\config\is-DTLT9.tmp в %PROGRAM_FILES%\pipi\config\acl.cmcc.conf
- %PROGRAM_FILES%\pipi\config\is-9ETFR.tmp в %PROGRAM_FILES%\pipi\config\acl.edu.conf
- %PROGRAM_FILES%\pipi\config\is-0J7UU.tmp в %PROGRAM_FILES%\pipi\config\clienttype.ini
- %PROGRAM_FILES%\pipi\config\is-5QKTU.tmp в %PROGRAM_FILES%\pipi\config\config.ini
- %PROGRAM_FILES%\pipi\config\is-01VOM.tmp в %PROGRAM_FILES%\pipi\config\acl.greatwall.conf
- %PROGRAM_FILES%\pipi\config\is-2OGJ6.tmp в %PROGRAM_FILES%\pipi\config\acl.telecom.conf
- %PROGRAM_FILES%\pipi\codec\is-27JH5.tmp в %PROGRAM_FILES%\pipi\codec\CoreAVC.ax
- %PROGRAM_FILES%\pipi\is-PKO8T.tmp в %PROGRAM_FILES%\pipi\jpg2bmp.dll
- %PROGRAM_FILES%\pipi\is-5FJ1T.tmp в %PROGRAM_FILES%\pipi\KmBugslayerUtil.dll
- %PROGRAM_FILES%\pipi\is-EMMDQ.tmp в %PROGRAM_FILES%\pipi\JfCheck.dll
- %PROGRAM_FILES%\pipi\is-QAD8U.tmp в %PROGRAM_FILES%\pipi\jfres_plug.dll
- %PROGRAM_FILES%\pipi\is-TQJT9.tmp в %PROGRAM_FILES%\pipi\KmFileTypeSetting.exe
- %PROGRAM_FILES%\pipi\is-8NATC.tmp в %PROGRAM_FILES%\pipi\MCCKMPlayerX.dll
- %PROGRAM_FILES%\pipi\is-4GKHH.tmp в %PROGRAM_FILES%\pipi\MFC71.dll
- %PROGRAM_FILES%\pipi\is-6G6TA.tmp в %PROGRAM_FILES%\pipi\KmLiveUpdate.exe
- %PROGRAM_FILES%\pipi\is-MJNHP.tmp в %PROGRAM_FILES%\pipi\libdb43.dll
- %PROGRAM_FILES%\pipi\is-APR8L.tmp в %PROGRAM_FILES%\pipi\baidu_logo.JPG
- %PROGRAM_FILES%\pipi\is-TDVHH.tmp в %PROGRAM_FILES%\pipi\dbghelp.dll
- %PROGRAM_FILES%\pipi\is-O7OE9.tmp в %PROGRAM_FILES%\pipi\unins000.exe
- %PROGRAM_FILES%\pipi\is-FB9Q5.tmp в %PROGRAM_FILES%\pipi\jfCacheMgr.exe
- %PROGRAM_FILES%\pipi\is-QJTV4.tmp в %PROGRAM_FILES%\pipi\google_logo.JPG
- %PROGRAM_FILES%\pipi\is-3L8JD.tmp в %PROGRAM_FILES%\pipi\jfCacheMgr.exe
- %PROGRAM_FILES%\pipi\is-UD5NE.tmp в %PROGRAM_FILES%\pipi\jfcheck.conf
- %PROGRAM_FILES%\pipi\is-B1B9B.tmp в %PROGRAM_FILES%\pipi\gtapi_signed.dll
- %PROGRAM_FILES%\pipi\is-L0VRL.tmp в %PROGRAM_FILES%\pipi\HttpDownLoad.exe
- %PROGRAM_FILES%\pipi\is-T8H8B.tmp в %PROGRAM_FILES%\pipi\setupwelcome.JPG
- %PROGRAM_FILES%\pipi\is-D0NGK.tmp в %PROGRAM_FILES%\pipi\sqlite3.dll
- %PROGRAM_FILES%\pipi\is-NO7QA.tmp в %PROGRAM_FILES%\pipi\pphelp.url
- %PROGRAM_FILES%\pipi\is-3D9KU.tmp в %PROGRAM_FILES%\pipi\ppwebnav.url
- %PROGRAM_FILES%\pipi\is-VOVU8.tmp в %PROGRAM_FILES%\pipi\topWizardSmallImageFile.jpg
- %PROGRAM_FILES%\pipi\is-N813K.tmp в %PROGRAM_FILES%\pipi\wizard_recommand.JPG
- %PROGRAM_FILES%\pipi\codec\is-BQJGB.tmp в %PROGRAM_FILES%\pipi\codec\CoreAAC.ax
- %PROGRAM_FILES%\pipi\is-2QVNM.tmp в %PROGRAM_FILES%\pipi\uninstall.ico
- %PROGRAM_FILES%\pipi\is-BDJ14.tmp в %PROGRAM_FILES%\pipi\webplayer.url
- %PROGRAM_FILES%\pipi\is-5G9SH.tmp в %PROGRAM_FILES%\pipi\PIPIPlayer.exe
- %PROGRAM_FILES%\pipi\is-GUV89.tmp в %PROGRAM_FILES%\pipi\PIPIRecommend.dll
- %PROGRAM_FILES%\pipi\is-SLOPH.tmp в %PROGRAM_FILES%\pipi\msvcp71.dll
- %PROGRAM_FILES%\pipi\is-2RQHQ.tmp в %PROGRAM_FILES%\pipi\msvcr71.dll
- %PROGRAM_FILES%\pipi\is-4FTIA.tmp в %PROGRAM_FILES%\pipi\pipisp.ico
- %PROGRAM_FILES%\pipi\is-EDV3A.tmp в %PROGRAM_FILES%\pipi\PIPIWebPlayer.ocx
- %PROGRAM_FILES%\pipi\is-V24GE.tmp в %PROGRAM_FILES%\pipi\player.swf
- %PROGRAM_FILES%\pipi\is-01UGO.tmp в %PROGRAM_FILES%\pipi\pipisp.url
- %PROGRAM_FILES%\pipi\is-52Q64.tmp в %PROGRAM_FILES%\pipi\PIPIStartSvr.exe
Сетевая активность:
Подключается к:
- 'mi##.pipi.cn':80
- 'www.pi#i.cn':80
- 'localhost':1038
TCP:
Запросы HTTP GET:
- mi##.pipi.cn/mini3.html
- www.pi#i.cn/pfup/jfcheck/jfcheck.conf
- www.pi#i.cn/pfup/pfplayer2.ini
- www.pi#i.cn/player/pfadurl.dll?ty#################################################
UDP:
- DNS ASK mi##.pipi.cn
- DNS ASK www.pi#i.cn
Другое:
Ищет следующие окна:
- ClassName: '' WindowName: 'ppfilm_class_cachemgr_title'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MPWClass' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'ppfilm_class' WindowName: ''
- ClassName: '' WindowName: 'cool66byCool66comcn123'
- ClassName: 'progman' WindowName: 'Program Manager'
- ClassName: '' WindowName: 'Coopen@wwwcoopencn'
- ClassName: 'CoopenPlayer' WindowName: '*їЄЖБґ«ГЅ*'
- ClassName: 'CoopenPlayer' WindowName: '*????????*'
