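Technical Information

The entries below are a behavioural log of the analysed sample. The sub-headings that originally grouped them appear to have been lost, so they run together as: process launches with their command lines, file-system paths touched by the sample, file moves ("from ... to ..."), and window searches (ClassName / WindowName). Whether a given path was created, modified or deleted cannot be told from this listing.

The trust-relevant actions are the `xCertMgr.exe -add xatiilhag.cer -s -r localMachine root` call, which adds a certificate to the local machine's trusted root store, and the `SignTool.exe catdb` calls, which add the oem50–oem53 catalog files to the system catalog database (the `/r` form removes them). Together these change which signed code the host will accept as trusted. When triaging a host, review the local machine root store and the `CatRoot` catalog directory for these entries.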
- '<Current directory>\Config\SignTool.exe' catdb oem51.cat
- '<Current directory>\Config\SignTool.exe' catdb oem50.cat
- '<Current directory>\Config\SignTool.exe' catdb oem52.cat
- '<Current directory>\Config\xCertMgr.exe' -add xatiilhag.cer -s -r localMachine root
- '<Current directory>\Config\SignTool.exe' catdb oem53.cat
- '<Current directory>\Config\SignTool.exe' catdb /r oem50.cat
- '<Current directory>\hstart.exe' /NOCONSOLE "main100.cmd"
- '<Current directory>\Config\SignTool.exe' catdb /r oem51.cat
- '<Current directory>\Config\SignTool.exe' catdb /r oem53.cat
- '<Current directory>\Config\SignTool.exe' catdb /r oem52.cat
- '<SYSTEM32>\taskkill.exe' /IM webcam.exe /F
- '<SYSTEM32>\taskkill.exe' /IM netflix.exe /F
- '<SYSTEM32>\attrib.exe' -h xatiilhag.cer
- '<SYSTEM32>\msiexec.exe' /qb /x {22441735-5983-AD2A-5CC5-FA2CCD7EF732} /qn
- '<SYSTEM32>\taskkill.exe' /IM mom.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ccc.exe /F
- '<SYSTEM32>\attrib.exe' -h Signtool.exe
- '<SYSTEM32>\attrib.exe' -h hstart.exe
- '<SYSTEM32>\attrib.exe' -h main100.cmd
- '<SYSTEM32>\attrib.exe' -h xatiilhag1.cer
- '<SYSTEM32>\attrib.exe' -h xatiilhag2.cer
- '<SYSTEM32>\attrib.exe' -h xCertMgr.exe
- '<SYSTEM32>\attrib.exe' +h oem50.cat
- '<SYSTEM32>\attrib.exe' -h oem51.cat
- '<SYSTEM32>\attrib.exe' +h oem51.cat
- '<SYSTEM32>\cmd.exe' /c main100.cmd
- '<SYSTEM32>\setup.exe'
- '<SYSTEM32>\attrib.exe' -h oem50.cat
- '<SYSTEM32>\attrib.exe' +h oem53.cat
- '<SYSTEM32>\msiexec.exe' /qb /x {0FC717D1-25FB-4015-908C-2E9E2124D0FE} /qn
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\attrib.exe' -h oem52.cat
- '<SYSTEM32>\attrib.exe' +h oem52.cat
- '<SYSTEM32>\attrib.exe' -h oem53.cat
- <SYSTEM32>\CatRoot\TMP11.tmp
- <SYSTEM32>\CatRoot\TMP10.tmp
- <SYSTEM32>\CatRoot\TMP12.tmp
- <SYSTEM32>\CatRoot\TMP14.tmp
- <SYSTEM32>\CatRoot\TMP13.tmp
- <SYSTEM32>\CatRoot\TMPC.tmp
- <SYSTEM32>\CatRoot\TMPB.tmp
- <SYSTEM32>\CatRoot\TMPD.tmp
- <SYSTEM32>\CatRoot\TMPF.tmp
- <SYSTEM32>\CatRoot\TMPE.tmp
- <SYSTEM32>\CatRoot\TMP1B.tmp
- <SYSTEM32>\CatRoot\TMP1A.tmp
- <SYSTEM32>\CatRoot\TMP1C.tmp
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem53.cat
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem52.cat
- <SYSTEM32>\CatRoot\TMP16.tmp
- <SYSTEM32>\CatRoot\TMP15.tmp
- <SYSTEM32>\CatRoot\TMP17.tmp
- <SYSTEM32>\CatRoot\TMP19.tmp
- <SYSTEM32>\CatRoot\TMP18.tmp
- <SYSTEM32>\CatRoot\TMPA.tmp
- <Current directory>\Config\oem51.cat
- <Current directory>\Config\oem50.cat
- <Current directory>\Config\oem52.cat
- <Current directory>\Config\oem53.cat
- <Current directory>\Config\SignTool.exe
- <Current directory>\main100.cmd
- <Current directory>\hstart.exe
- <Current directory>\Config\desktop.ini
- <Current directory>\Config\xCertMgr.exe
- <Current directory>\Config\xatiilhag.cer
- <SYSTEM32>\CatRoot\TMP6.tmp
- <SYSTEM32>\CatRoot\TMP5.tmp
- <SYSTEM32>\CatRoot\TMP7.tmp
- <SYSTEM32>\CatRoot\TMP9.tmp
- <SYSTEM32>\CatRoot\TMP8.tmp
- <SYSTEM32>\CatRoot\TMP1.tmp
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem50.cat
- <SYSTEM32>\CatRoot\TMP2.tmp
- <SYSTEM32>\CatRoot\TMP4.tmp
- <SYSTEM32>\CatRoot\TMP3.tmp
- <Current directory>\Config\oem53.cat
- <Current directory>\Config\SignTool.exe
- <Current directory>\Config\oem52.cat
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem53.cat
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem52.cat
- <SYSTEM32>\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem50.cat
- <Current directory>\Config\oem51.cat
- <Current directory>\Config\desktop.ini
- <Current directory>\main100.cmd
- <Current directory>\hstart.exe
- <Current directory>\Config\oem50.cat
- <Current directory>\Config\xCertMgr.exe
- <Current directory>\Config\xatiilhag.cer
- <SYSTEM32>\CatRoot\TMP1A.tmp
- <SYSTEM32>\CatRoot\TMP19.tmp
- <SYSTEM32>\CatRoot\TMP1C.tmp
- <SYSTEM32>\CatRoot\TMP1B.tmp
- <SYSTEM32>\CatRoot\TMP18.tmp
- <SYSTEM32>\CatRoot\TMP15.tmp
- <SYSTEM32>\CatRoot\TMP14.tmp
- <SYSTEM32>\CatRoot\TMP17.tmp
- <SYSTEM32>\CatRoot\TMP16.tmp
- <Current directory>\Config\SignTool.exe
- <Current directory>\Config\xCertMgr.exe
- <Current directory>\main100.cmd
- <Current directory>\hstart.exe
- <Current directory>\Config\xatiilhag.cer
- <Current directory>\Config\oem51.cat
- <Current directory>\Config\oem50.cat
- <Current directory>\Config\oem53.cat
- <Current directory>\Config\oem52.cat
- <SYSTEM32>\CatRoot\TMP13.tmp
- <SYSTEM32>\CatRoot\TMP7.tmp
- <SYSTEM32>\CatRoot\TMP6.tmp
- <SYSTEM32>\CatRoot\TMP9.tmp
- <SYSTEM32>\CatRoot\TMP8.tmp
- <SYSTEM32>\CatRoot\TMP5.tmp
- <SYSTEM32>\CatRoot\TMP1.tmp
- <SYSTEM32>\CatRoot\TMP2.tmp
- <SYSTEM32>\CatRoot\TMP4.tmp
- <SYSTEM32>\CatRoot\TMP3.tmp
- <SYSTEM32>\CatRoot\TMP10.tmp
- <SYSTEM32>\CatRoot\TMPF.tmp
- <SYSTEM32>\CatRoot\TMP12.tmp
- <SYSTEM32>\CatRoot\TMP11.tmp
- <SYSTEM32>\CatRoot\TMPE.tmp
- <SYSTEM32>\CatRoot\TMPB.tmp
- <SYSTEM32>\CatRoot\TMPA.tmp
- <SYSTEM32>\CatRoot\TMPD.tmp
- <SYSTEM32>\CatRoot\TMPC.tmp
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00018.log
- from <SYSTEM32>\CatRoot2\edb0000D.log to <SYSTEM32>\CatRoot2\edbtmp.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0003B.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0003A.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00039.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0003E.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0003D.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0003C.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00035.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00034.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00033.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00038.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00037.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00036.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00047.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00046.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00045.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0004A.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00049.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00048.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00041.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00040.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0003F.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00044.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00043.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00042.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00032.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00022.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00021.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00020.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00025.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00024.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00023.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0001C.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0001B.log
- from <SYSTEM32>\CatRoot2\edbtmp.log to <SYSTEM32>\CatRoot2\edb.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0001F.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0001E.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0001D.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0002E.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0002D.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0002C.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00031.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00030.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0002F.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00028.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00027.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00026.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0002B.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb0002A.log
- from <SYSTEM32>\CatRoot2\edb.log to <SYSTEM32>\CatRoot2\edb00029.log
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'