Техническая информация
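- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
  (Примечание: такая запись RunOnce типична для самораспаковывающихся пакетов IExpress (wextract): она однократно удаляет временный каталог IXP000.TMP при следующем входе в систему и сама по себе не запускает извлечённые файлы повторно. При разборе её следует оценивать вместе с содержимым каталога, а не как отдельный признак закрепления в системе.)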
- %TEMP%\IXP000.TMP\NicoDerm_Client_Setup.msi
- %TEMP%\IXP000.TMP\Setup.Exe
- %TEMP%\IXP000.TMP\Setup.Ini
- %TEMP%\CFG1.tmp
- %TEMP%\2211a.msi
- %TEMP%\MSI2.tmp
- %TEMP%\CFG3.tmp
- %TEMP%\MSI4.tmp
- %TEMP%\MSI2.tmp
- %TEMP%\MSI4.tmp
- '%TEMP%\IXP000.TMP\Setup.Exe'
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\IXP000.TMP\NicoDerm_Client_Setup.msi"
- '<SYSTEM32>\msiexec.exe' /V
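- '<SYSTEM32>\msiexec.exe' -Embedding 8E03A7465E15A3222E5EC907BBDD81D0 C
  (Примечание: запуски msiexec.exe с параметрами /V и -Embedding — штатные служебные процессы установщика Windows (служба и сервер настраиваемых действий), сопровождающие установку MSI-пакета. Для обнаружения существенна строка с /i и путём к MSI-файлу в %TEMP%\IXP000.TMP.)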