Technical Information
- %TEMP%\PPTV(pplive)_for114_79412.exe
- %TEMP%\PPTV(pplive)_for114_79412.exe (downloaded from the Internet)
- %TEMP%\PPTV(pplive)_for114_79412.exe
- 'www.fu##.##angxueche.com':80
- www.fu##.##angxueche.com/cpafiles/PPTV(pplive)_for114_79412.exe
- DNS ASK www.fu##.##angxueche.com
- '<Private IP address>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''