Техническая информация
- [<HKLM>\SOFTWARE\Classes\Applications\uninstall.exe\shell\open\command] '' = '%WINDIR%\uninstall.exe "%1" %*'
- '%WINDIR%\uninstall.exe'
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 1
- '<SYSTEM32>\cmd.exe' /c %PROGRAM_FILES%\userpic\qr.bat
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\copy.bat
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\scrrun.dll
- '<SYSTEM32>\regsvr32.exe' /s <SYSTEM32>\wshom.ocx
- %PROGRAM_FILES%\userpic\qr.TXT
- %PROGRAM_FILES%\userpic\qr.VBE
- %PROGRAM_FILES%\userpic\qr.bat
- %WINDIR%\uninstall.exe
- %WINDIR%\copy.bat
- %PROGRAM_FILES%\userpic\qr.TXT
- %TEMP%\~DF41CB.tmp