FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.Siggen18.56205

Added to the Dr.Web virus database: 2022-10-08

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system,
blocks execution of the following system utilities:
  • Windows Security Center
blocks the following features:
  • User Account Control (UAC)
Executes the following
  • '%WINDIR%\syswow64\net.exe' stop "wuauserv"
  • '%WINDIR%\syswow64\net.exe' stop "wscsvc"
  • '%WINDIR%\syswow64\net.exe' stop "Sense"
  • '%WINDIR%\syswow64\net.exe' stop "WdNisSvc"
  • '%WINDIR%\syswow64\net.exe' stop "WinDefend"
  • '%WINDIR%\syswow64\net.exe' stop "mpssvc"
  • '%WINDIR%\syswow64\net.exe' stop "EventLog"
  • '%WINDIR%\syswow64\net.exe' stop "SDRSVC"
Modifies file system
Creates the following files
  • %TEMP%\nsn8372.tmp\nsexec.dll
  • %TEMP%\nsn8372.tmp\inetc.dll
  • C:\potentiallyunwanted.exe
Deletes the following files
  • %WINDIR%\syswow64\ac3acm.acm
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnin002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnhp005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnhp004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnhp003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnhp002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prngt004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prngt003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prngt002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnge001.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnfx002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00y.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00l.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00f.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00e.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00d.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00c.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00b.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00a.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnep00g.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00z.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnin003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky009.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx009.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx008.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx007.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx006.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnle004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnle003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnkm002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnin004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky008.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky007.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky006.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnky002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnkm005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnkm004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnkm003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnle002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00b.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00a.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00h.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\ntprint.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB4019990_RTM~31bf3856ad364e35~amd64~~6.1.1.2.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB2999226~31bf3856ad364e35~amd64~~6.1.1.5.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB2999226_RTM~31bf3856ad364e35~amd64~~6.1.1.5.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB2534111~31bf3856ad364e35~amd64~~6.1.1.0.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB2534111_SP1~31bf3856ad364e35~amd64~~6.1.1.0.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB2999226~31bf3856ad364e35~amd64~~6.1.1.5.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB2534111~31bf3856ad364e35~amd64~~6.1.1.0.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976902_RTM~31bf3856ad364e35~amd64~~6.1.1.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00i.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\ntexe.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\nt5.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Networking-MPSSVC-Rules-EnterpriseEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Xps-Foundation-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Xps-Foundation-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WMI-SNMP-Provider-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WMI-SNMP-Provider-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\ntpe.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00x.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr007.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr008.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00f.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00e.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00d.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00c.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00b.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00a.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr00a.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr009.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnca00g.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976932~31bf3856ad364e35~amd64~~6.1.0.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976933~31bf3856ad364e35~amd64~de-DE~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr002.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976933~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976933~31bf3856ad364e35~amd64~ja-JP~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976933~31bf3856ad364e35~amd64~fr-FR~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976933~31bf3856ad364e35~amd64~es-ES~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_KB976933~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnbr006.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NetFx3-OC-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00c.cat
  • %WINDIR%\syswow64\d3dx10_37.dll
  • %WINDIR%\syswow64\d3dcompiler_41.dll
  • %WINDIR%\syswow64\d3dx10_36.dll
  • %WINDIR%\syswow64\d3dx10_35.dll
  • %WINDIR%\syswow64\d3dx10_34.dll
  • %WINDIR%\syswow64\d3dx10_33.dll
  • %WINDIR%\syswow64\d3dx10.dll
  • %WINDIR%\syswow64\d3dcsx_43.dll
  • %WINDIR%\syswow64\d3dcsx_42.dll
  • %WINDIR%\syswow64\d3dcompiler_43.dll
  • %WINDIR%\syswow64\d3dcompiler_42.dll
  • %WINDIR%\syswow64\d3dx10_39.dll
  • %WINDIR%\syswow64\d3dx10_38.dll
  • %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\94308059b57b3142e455b38a6eb92015
  • %WINDIR%\syswow64\d3dcompiler_38.dll
  • %WINDIR%\syswow64\d3dcompiler_37.dll
  • %WINDIR%\syswow64\d3dcompiler_36.dll
  • %WINDIR%\syswow64\d3dcompiler_35.dll
  • %WINDIR%\syswow64\d3dcompiler_34.dll
  • %WINDIR%\syswow64\d3dcompiler_33.dll
  • %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
  • %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
  • %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9
  • %WINDIR%\syswow64\d3dcompiler_39.dll
  • %WINDIR%\syswow64\d3dcompiler_40.dll
  • %WINDIR%\syswow64\d3dx10_41.dll
  • %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9
  • %WINDIR%\syswow64\d3dx9_40.dll
  • %WINDIR%\syswow64\d3dx9_39.dll
  • %WINDIR%\syswow64\d3dx9_38.dll
  • %WINDIR%\syswow64\d3dx9_37.dll
  • %WINDIR%\syswow64\d3dx9_36.dll
  • %WINDIR%\syswow64\d3dx9_35.dll
  • %WINDIR%\syswow64\d3dx9_34.dll
  • %WINDIR%\syswow64\d3dx9_33.dll
  • %WINDIR%\syswow64\d3dx9_32.dll
  • %WINDIR%\syswow64\d3dx10_40.dll
  • %WINDIR%\syswow64\d3dx9_41.dll
  • %WINDIR%\syswow64\d3dx9_31.dll
  • %WINDIR%\syswow64\d3dx9_28.dll
  • %WINDIR%\syswow64\d3dx9_27.dll
  • %WINDIR%\syswow64\d3dx9_26.dll
  • %WINDIR%\syswow64\d3dx9_25.dll
  • %WINDIR%\syswow64\d3dx9_24.dll
  • %WINDIR%\syswow64\d3dx11_43.dll
  • %WINDIR%\syswow64\d3dx11_42.dll
  • %WINDIR%\syswow64\d3dx10_43.dll
  • %WINDIR%\syswow64\d3dx10_42.dll
  • %WINDIR%\syswow64\d3dx9_30.dll
  • %WINDIR%\syswow64\d3dx9_29.dll
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\desktop.ini
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\lixmvqoa\desktop.ini
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnsa002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc00b.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc00a.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc007.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc006.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc005.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnsh002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnok002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnnr004.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnnr003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnnr002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnms002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00z.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00y.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00x.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00w.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00v.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00e.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnod002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnso002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnsv002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnrc00c.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnsv003.cat
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\fzg8ckj5\desktop.ini
  • <SYSTEM32>\catroot2\edb00563.log
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\desktop.ini
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\62axopq5\desktop.ini
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\0ps72r2m\desktop.ini
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\desktop.ini
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\desktop.ini
  • %WINDIR%\syswow64\concrt140d.dll
  • %WINDIR%\syswow64\concrt140.dll
  • <SYSTEM32>\catroot2\edbres00002.jrs
  • <SYSTEM32>\catroot2\edbres00001.jrs
  • <SYSTEM32>\catroot2\edb.chk
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\content.ie5\index.dat
  • <SYSTEM32>\catroot2\dberr.txt
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows7SP1-KB976933~31bf3856ad364e35~amd64~~6.1.0.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\windows-legacy-whql.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Server-Help-Package.ClientEnterprise~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Server-Help-Package.ClientEnterprise~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnxx002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnts003.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnts002.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnsv004.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WinOcr-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\ntph.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WinOcr-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IIS-WebServer-AddOn-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~en-US~8.0.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Optional-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Indexing-Service-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Indexing-Service-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IIS-WebServer-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IIS-WebServer-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IIS-WebServer-AddOn-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Help-CoreClientUAPE-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Help-Customization-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IE-Troubleshooters-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IE-Troubleshooters-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IE-Troubleshooters-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IE-Troubleshooters-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-HomePremiumEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-HomeBasicEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Help-Customization-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IIS-WebServer-AddOn-2-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-IIS-WebServer-AddOn-2-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Killbits-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayback-OC-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayer-DVDRegistration-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Premium-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Premium-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Links-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Links-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-LocalPack-ZA-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-LocalPack-US-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-LocalPack-GB-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-LocalPack-CA-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-LocalPack-AU-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MediaPlayback-OC-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Help-CoreClientUAPE-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MSMQ-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-LanguagePack-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Branding-Enterprise-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Branding-Enterprise-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Refresh-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • %WINDIR%\syswow64\atl71.dll
  • %WINDIR%\syswow64\atl110.dll
  • %WINDIR%\syswow64\atl100.dll
  • %WINDIR%\syswow64\aspnet_counters.dll
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GPUPipeline-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GPUPipeline-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EnterpriseEdition~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EnterpriseEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Editions-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-DesktopWindowManager-uDWM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CodecPack-Basic-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CodecPack-Basic-Encoder-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • %WINDIR%\syswow64\d3dx9_42.dll
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\prnlx00d.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MSMQ-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerDist-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-InboxGames-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TabletPC-OC-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TabletPC-OC-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SystemRestore-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SystemRestore-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SUA-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SUA-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StorageService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StorageService-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StickyNotes-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Telnet-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StickyNotes-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SNMP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SNMP-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SnippingTool-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SnippingTool-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SimpleTCP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SimpleTCP-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Sidebar-Killbits-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-SoundThemes-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-PremiumInboxGames-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-PremiumInboxGames-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-StarterEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-MultiplayerInboxGames-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Telnet-Server-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Telnet-Server-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~en-US~8.0.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-VirtualXP-Licensing-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-VirtualPC-USB-RPM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-VirtualPC-USB-RPM-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-VirtualPC-Licensing-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-UltimateEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TFTP-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TFTP-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-UsbRedirector-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-WMIProvider-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-WMIProvider-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-UsbRedirector-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-RemoteApplications-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-RemoteApplications-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-Publishing-WMIProvider-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-Publishing-WMIProvider-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-MiscRedirection-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-MiscRedirection-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-CommandLineTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-CommandLineTools-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Telnet-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-MultiplayerInboxGames-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-InboxGames-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-HomeGroup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-LocalPrinting-Enterprise-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printer-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printer-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasicPackage~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasicPackage~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Personalization-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-PremiumTools-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-PremiumTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpticalMediaDisc-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OpticalMediaDisc-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NFS-ClientSKU-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NFS-ClientSKU-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerDist-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Printing-XPSServices-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ShareMedia-ControlPanel-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RasRip-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Shell-HomeGroup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-VM-Setup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ShareMedia-ControlPanel-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ServicingBaseline-Ultimate-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Security-SPP-Component-SKU-Enterprise-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Security-SPP-Component-SKU-Enterprise-GVLK-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SampleContent-Ringtones-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SampleContent-Music-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-VM-Setup-LanguagePack~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ProfessionalEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-RemoteClient-Setup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-RemoteClient-Setup-LanguagePack~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteAssistance-Package-Client~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteAssistance-Package-Client~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RecDisc-SDP-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RDC-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RDC-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RasRip-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • <SYSTEM32>\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NetFx3-OC-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
  • %WINDIR%\syswow64\d3dx9_43.dll
Network activity
Connects to
  • 'se####.eicar.org':443
  • 'am###.eicar.org':443
  • 'am###.eicar.org':80
TCP
HTTP GET requests
  • http://am###.eicar.org/PotentiallyUnwanted.exe
Other
  • 'se####.eicar.org':443
  • 'am###.eicar.org':443
UDP
  • DNS ASK se####.eicar.org
  • DNS ASK am###.eicar.org
  • 'localhost':57931
  • 'localhost':63902
Miscellaneous
Searches for the following windows
  • ClassName: '#32770' WindowName: ''
  • ClassName: 'SysListView32' WindowName: ''
Creates and executes the following
  • '%WINDIR%\syswow64\cmd.exe' schtasks /DELETE /TN gimotti /F' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "wuauserv"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "wscsvc"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "Sense"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "WdNisSvc"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "WinDefend"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "mpssvc"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "EventLog"' (with hidden window)
  • '%WINDIR%\syswow64\net.exe' stop "SDRSVC"' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' schtasks /DELETE /TN gimotti /F
  • '%WINDIR%\syswow64\net1.exe' stop "wuauserv"
  • '%WINDIR%\syswow64\net1.exe' stop "wscsvc"
  • '%WINDIR%\syswow64\net1.exe' stop "Sense"
  • '%WINDIR%\syswow64\net1.exe' stop "WdNisSvc"
  • '%WINDIR%\syswow64\net1.exe' stop "WinDefend"
  • '%WINDIR%\syswow64\net1.exe' stop "mpssvc"
  • '%WINDIR%\syswow64\net1.exe' stop "EventLog"
  • '%WINDIR%\syswow64\net1.exe' stop "SDRSVC"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play