Техническая информация
Для обеспечения автозапуска и распространения:
Создает следующие сервисы:
- [<HKLM>\SYSTEM\ControlSet001\Services\PSI_SVC_2] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\PSI_SVC_2] 'ImagePath' = '"%CommonProgramFiles%\Protexis\License Service\PsiService_2.exe"'
Изменения в файловой системе:
Создает следующие файлы:
- %TEMP%\aut1.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\3c2c6.ipi
- %WINDIR%\Installer\3c2c4.msi
- %TEMP%\RarSFX0\license-nl.html
- %TEMP%\RarSFX0\license-jp.html
- %TEMP%\RarSFX0\license-it.html
- %TEMP%\RarSFX0\license-fr.html
- %TEMP%\RarSFX0\license-en.html
- %TEMP%\RarSFX0\license-de.html
- %TEMP%\RarSFX0\Installing.html
- %TEMP%\RarSFX0\installerListURL.configuration
- %TEMP%\RarSFX0\InstallerList.html
- %TEMP%\RarSFX0\install.cmd
- %TEMP%\RarSFX0\HelperDLL.dll
- %TEMP%\RarSFX0\Complete.html
- %TEMP%\RarSFX0\CheckUpdate.html
- %TEMP%\RarSFX0\Agreement_ueip.html
- %TEMP%\RarSFX0\Agreement.html
- %TEMP%\RarSFX0\NLR\Ultimate\VUPCUNLR.dll
- %TEMP%\RarSFX0\NLR\Standard\VGPCUNLR.DLL
- %TEMP%\RarSFX0\NLR\Pro\VTPCUNLR.dll
- %TEMP%\RarSFX0\Lang\EN\PCUDataIntl.DLL
- %TEMP%\RarSFX0\js\welcome.js
- %TEMP%\RarSFX0\js\stubparams2.js
- %TEMP%\RarSFX0\js\stubparams.js
- %TEMP%\RarSFX0\js\SNWait.js
- %TEMP%\RarSFX0\js\register.js
- %TEMP%\RarSFX0\js\jquery-ui.min.js
- %TEMP%\RarSFX0\js\jquery-1.11.2.min.js
- %TEMP%\RarSFX0\js\installListPage.js
- %TEMP%\RarSFX0\js\installparams.js
- %WINDIR%\Installer\MSI7.tmp
- %TEMP%\CAMSIC21.tmp
- %ALLUSERSPROFILE%\Application Data\Corel\VSPro\Version19\Video.dta
- %WINDIR%\Installer\MSI9.tmp
- %CommonProgramFiles%\Protexis\License Service\PSIKey-33001.dll
- %CommonProgramFiles%\Protexis\License Service\PsiService_2.exe
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\trialSkin\1241638714996.txt.css
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\Images\Button\button_blue_rightcap.gif
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\Images\Button\button_blue_middle.gif
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\Images\Button\button_blue_leftcap.gif
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\Images\banner.jpg
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\messaging.js
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\ccc.js
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\shared\ccc.css
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\genericSkin\1248383926732.txt.css
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236279\mainimage_30days,31.jpg
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236254\mainimage_30days,31.jpg
- %TEMP%\RarSFX0\images\help.png
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236254\body.htm
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236254\bg,30.jpg
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236203\mainimage_30days,31.jpg
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236203\body.htm
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236178\mainimage_30days,31.jpg
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236178\body.htm
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\WorkflowMessages.xml
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\workflowdef.xml
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\container.htm
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Messages\skin\skin.css
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Messages\Messages.xml
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Message.policy
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en.zip
- C:\Config.Msi\3c2c7.rbs
- %TEMP%\RarSFX0\js\installingPage.js
- %TEMP%\RarSFX0\js\installerlist.js
- %TEMP%\RarSFX0\js\external.js.dev
- %TEMP%\RarSFX0\ueip-nl.html
- %TEMP%\RarSFX0\ueip-jp.html
- %TEMP%\RarSFX0\ueip-it.html
- %TEMP%\RarSFX0\ueip-fr.html
- %TEMP%\RarSFX0\ueip-en.html
- %TEMP%\RarSFX0\ueip-de.html
- %TEMP%\RarSFX0\SNWait.html
- %TEMP%\RarSFX0\SerChckV2.DLL
- %TEMP%\RarSFX0\Register.html
- %TEMP%\RarSFX0\PsiClient.dll
- %TEMP%\RarSFX0\PreinstallIPM.msi
- %TEMP%\RarSFX0\Pixie.dll
- %TEMP%\RarSFX0\PCUPOSA5Y.DLL
- %TEMP%\RarSFX0\PCUPOSA5X.DLL
- %TEMP%\RarSFX0\PCUPOSA5W.DLL
- %TEMP%\RarSFX0\MSICrlPCU.DLL
- %TEMP%\RarSFX0\Load.html
- %TEMP%\RarSFX0\license-zh.html
- %TEMP%\RarSFX0\license-tw.html
- %WINDIR%\Migration\WTR\installfiles\install\del.cmd
- %TEMP%\aut5.tmp
- %WINDIR%\Migration\WTR\installfiles\install\on.cmd
- %TEMP%\aut4.tmp
- %WINDIR%\Migration\WTR\installfiles\install\patch.exe
- %TEMP%\aut3.tmp
- %WINDIR%\Migration\WTR\installfiles\install\crack.exe
- %TEMP%\aut2.tmp
- %WINDIR%\Migration\WTR\installfiles\install\DenSpike.gif
- %TEMP%\RarSFX0\ueip-zh.html
- %TEMP%\RarSFX0\Update.html
- %TEMP%\RarSFX0\ueip-tw.html
- %TEMP%\RarSFX0\VUPCUNLR.dll
- %TEMP%\RarSFX0\js\external.js
- %TEMP%\RarSFX0\Welcome.html
- %TEMP%\RarSFX0\js\contents.js
- %TEMP%\RarSFX0\images\update\logo.png
- %TEMP%\RarSFX0\images\update\BG.png
- %TEMP%\RarSFX0\images\update\bar2.png
- %TEMP%\RarSFX0\images\update\BAR1.png
- %TEMP%\RarSFX0\images\selected.png
- %TEMP%\RarSFX0\images\ProgressBar.png
- %TEMP%\RarSFX0\images\Progress.png
- %TEMP%\RarSFX0\images\passed.png
- %TEMP%\RarSFX0\images\minimize_hover.png
- %TEMP%\RarSFX0\images\minimize_active.png
- %TEMP%\RarSFX0\images\minimize.png
- %TEMP%\RarSFX0\images\lock.png
- %ALLUSERSPROFILE%\Application Data\Corel\Messages\540228840_907002\en\MessageCache1\Workflow\1315601236279\body.htm
- %WINDIR%\Installer\3c2c8.msi
- %TEMP%\RarSFX0\images\gou.png
- %TEMP%\RarSFX0\images\close_hover.png
- %TEMP%\RarSFX0\images\close_active.png
- %TEMP%\RarSFX0\images\close.png
- %TEMP%\RarSFX0\images\checkbox.png
- %TEMP%\RarSFX0\images\btn_hover.png
- %TEMP%\RarSFX0\images\btn_disable.png
- %TEMP%\RarSFX0\images\btn_active.png
- %TEMP%\RarSFX0\images\btn.png
- %TEMP%\RarSFX0\images\BG_W.png
- %TEMP%\RarSFX0\images\BG.png
- %TEMP%\RarSFX0\images\ajax-loader.gif
- %TEMP%\RarSFX0\css\style.css
- %TEMP%\RarSFX0\css\jquery-ui.css
- %TEMP%\RarSFX0\images\installed.png
- %WINDIR%\Installer\{0F23FF2D-976A-4B27-AA8F-424DB0E8C3D1}\ARPPRODUCTICON.exe
Удаляет следующие файлы:
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSI9.tmp
- %WINDIR%\Installer\MSI6.tmp
- C:\Config.Msi\3c2c7.rbs
- %WINDIR%\Installer\3c2c4.msi
- %WINDIR%\Installer\3c2c6.ipi
Другое:
Ищет следующие окна:
- ClassName: 'BUTTON' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
Создает и запускает на исполнение:
- '%WINDIR%\Migration\WTR\installfiles\install\crack.exe'
- '%CommonProgramFiles%\Protexis\License Service\PsiService_2.exe'
Запускает на исполнение:
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Migration\WTR\installfiles\install\on.cmd
- '<SYSTEM32>\ipconfig.exe' /renew
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\install.cmd" "
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\RarSFX0\PreinstallIPM.msi" /qn
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 4E439663DCCE4DA071DEB28EC920296E
- '<SYSTEM32>\msiexec.exe' -Embedding B63CAEFD0F1B52BBDDE9D4B9A43286B6 M Global\MSI0000
