Техническая информация
- '%TEMP%\tmp_setup.exe'
- '%TEMP%\nso3.tmp\SetupHlpr.exe' /delete:{@TEMP}\tmp_setup.exe
- '%TEMP%\nso3.tmp\SetupHlpr.exe' /shellexec:{@TEMP}\tmp_setup.exe^^yes
- '%TEMP%\nso3.tmp\PortForward.exe'
- '%TEMP%\nso3.tmp\SetupHlpr.exe' "/download:http://www.ko###lay.com/setup/setup_addition.exe^{@TEMP}\tmp_setup.exe"
- '%TEMP%\tmp_setup.exe' (загружен из сети Интернет)
- %ALLUSERSPROFILE%\Desktop\ДЪЗЗ.lnk
- %TEMP%\nso3.tmp\PortForward.exe
- %PROGRAM_FILES%\Kopy\msvcr71.dll
- %ALLUSERSPROFILE%\Start Menu\Programs\ДЪЗЗ\ДЪЗЗ.lnk
- %TEMP%\tmp_setup.exe.t00_
- %TEMP%\nso3.tmp\SetupHlpr.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\ДЪЗЗ\ДЪЗЗ »иБ¦.lnk
- %PROGRAM_FILES%\Kopy\Kopy.ico
- %TEMP%\nso3.tmp\KillProcDLL.dll
- %TEMP%\nsz2.tmp
- %PROGRAM_FILES%\Kopy\Kopy.exe
- %PROGRAM_FILES%\Kopy\Uninstall.exe
- %PROGRAM_FILES%\Kopy\ДЪЗЗ.url
- %PROGRAM_FILES%\Kopy\ver.ini
- %TEMP%\tmp_setup.exe
- %PROGRAM_FILES%\Kopy\ver.ini
- %PROGRAM_FILES%\Kopy\Kopy.exe
- из %TEMP%\tmp_setup.exe.t00_ в %TEMP%\tmp_setup.exe
- 'www.ko###lay.com':80
- www.ko###lay.com/setup/ver.ini
- www.ko###lay.com/setup/setup_addition.exe
- DNS ASK www.ko###lay.com
- 'localhost':1042
- 'localhost':1041
- '23#.#55.255.250':1900
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''