Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{05D96F71-87C6-11D3-9BE4-00902742D6E0}\DownloadInformation] 'CODEBASE' = 'http://quickr.acme.com/qp2.cab'
- <SYSTEM32>\msvcr71.dll
- %WINDIR%\Temp\ActiveXControl\install.bat
- %WINDIR%\Temp\ActiveXControl\MSVCRT.CAB
- %WINDIR%\Temp\ActiveXControl\qp.vbs
- %WINDIR%\Temp\ActiveXControl\qp2.cab
- %WINDIR%\Temp\ActiveXControl\qp2.reg
- %WINDIR%\Temp\ActiveXControl\qpsilent.vbs
- %WINDIR%\Downloaded Program Files\qp2.dll
- %WINDIR%\Downloaded Program Files\qp2.inf
- %WINDIR%\Downloaded Program Files\qp2.cab
- %WINDIR%\Downloaded Program Files\qp2.reg
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\ActiveXControl\qpsilent.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Temp\ActiveXControl\install.bat" "
- '<SYSTEM32>\expand.exe' qp2.cab -F:qp2.* "%WINDIR%\downloaded program files"
- '<SYSTEM32>\expand.exe' qp2.cab -F:msvcr71.dll "<SYSTEM32>"
- '<SYSTEM32>\regsvr32.exe' /s /u qp2.dll
- '<SYSTEM32>\regsvr32.exe' /s qp2.dll
- '%WINDIR%\regedit.exe' /s qp2.reg