Technical Information
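Registry values set (Windows service 'SigREST'; a 'Start' value of 2 means the service starts automatically at boot):
- [<HKLM>\SYSTEM\ControlSet001\Services\SigREST] 'ImagePath' = '"%ProgramFiles%\Topaz Systems Inc\SigWeb\SigWeb.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SigREST] 'Start' = '00000002'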
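File system paths recorded (this page does not state which operation was performed on each; some paths are listed twice):
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD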
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %TEMP%\Cab12.tmp
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %TEMP%\Cab17.tmp
- %TEMP%\Cab19.tmp
- %TEMP%\Cab15.tmp
- %TEMP%\VSD14.tmp\install.log
- %WINDIR%\Installer\2cd87.msi
- %WINDIR%\SigPlus\Cert\~GLH0009.TMP
- %TEMP%\Cab6.tmp
- %WINDIR%\SigPlus\Cert\~GLH0008.TMP
- %WINDIR%\SigPlus\Cert\~GLH0006.TMP
- %WINDIR%\SigPlus\Cert\~GLH0007.TMP
- %TEMP%\CabE.tmp
- %TEMP%\Cab10.tmp
- %TEMP%\CabC.tmp
- %TEMP%\Cab8.tmp
- %TEMP%\CabA.tmp
- %TEMP%\Cab1B.tmp
- %ProgramFiles%\Topaz Systems Inc\SigWeb\SigRESTHost.dll
- %ProgramFiles%\Topaz Systems Inc\SigWeb\SigWeb.exe.config
- %ProgramFiles%\Topaz Systems Inc\SigWeb\SigWeb.exe
- %TEMP%\Cab28.tmp
- %ProgramFiles%\Topaz Systems Inc\SigWeb\SigPlusNET.dll
- %WINDIR%\Installer\MSI2B.tmp
- %TEMP%\~DF17D8.tmp
- %WINDIR%\Installer\2cd8b.msi
- %WINDIR%\Installer\MSI2A.tmp
- %ProgramFiles%\Topaz Systems Inc\SigWeb\SigWeb.InstallState
- %WINDIR%\Installer\2cd89.ipi
- %TEMP%\~DF370E.tmp
- %WINDIR%\Installer\MSI1F.tmp
- %WINDIR%\Installer\MSI1D.tmp
- %TEMP%\CFG1E.tmp
- %TEMP%\Cab24.tmp
- %TEMP%\Cab26.tmp
- %TEMP%\Cab22.tmp
- %WINDIR%\Installer\MSI20.tmp
- C:\Config.Msi\2cd8a.rbs
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- %TEMP%\GLK3.tmp
- %TEMP%\GLB1.tmp
- %TEMP%\GLC2.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\Software\ProgVer.bat
- C:\Software\CompatView.bat
- C:\Software\KillIECheckNewVer.bat
- C:\Software\RemoveDiscoCompatView.reg
- C:\Software\CheckNewerVer.reg
- C:\Software\SigWeb.exe
- C:\Software\iexplore.exe
- C:\Software\Readme.bat
- C:\Software\ProgVer.reg
- C:\Software\Sigpad Installer Readme.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- %WINDIR%\SigPlus\SigWeb\~GLH0001.TMP
- %WINDIR%\SigPlus\Cert\~GLH0004.TMP
- %WINDIR%\SigPlus\Cert\~GLH0005.TMP
- %WINDIR%\SigPlus\Cert\~GLH0003.TMP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- %WINDIR%\SigPlus\SigWeb\~GLH0002.TMP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- %WINDIR%\SigPlus\~GLH0000.TMP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- %TEMP%\GLG5.tmp
- %TEMP%\Cab26.tmp
- %TEMP%\Cab28.tmp
- %TEMP%\Cab24.tmp
- %WINDIR%\Installer\MSI1F.tmp
- %TEMP%\Cab22.tmp
- %WINDIR%\Installer\MSI2A.tmp
- %WINDIR%\Installer\2cd87.msi
- %WINDIR%\Installer\2cd89.ipi
- C:\Config.Msi\2cd8a.rbs
- %WINDIR%\Installer\MSI20.tmp
- %WINDIR%\Installer\MSI2B.tmp
- %WINDIR%\Installer\MSI1D.tmp
- %TEMP%\CabC.tmp
- %TEMP%\CabE.tmp
- %TEMP%\CabA.tmp
- %TEMP%\Cab6.tmp
- %TEMP%\Cab8.tmp
- %TEMP%\Cab10.tmp
- %TEMP%\Cab19.tmp
- %TEMP%\Cab1B.tmp
- %TEMP%\Cab17.tmp
- %TEMP%\Cab12.tmp
- %TEMP%\Cab15.tmp
Files moved (renamed from a temporary name to a final name):
- from %WINDIR%\SigPlus\Cert\~GLH0006.TMP to %WINDIR%\SigPlus\Cert\swuc.exe
- from %WINDIR%\SigPlus\Cert\~GLH0005.TMP to %WINDIR%\SigPlus\Cert\resetport.exe
- from %WINDIR%\SigPlus\Cert\~GLH0007.TMP to %WINDIR%\SigPlus\Cert\ssl-certificate.pfx
- from %WINDIR%\SigPlus\Cert\~GLH0009.TMP to %WINDIR%\SigPlus\Cert\sigweb_cert.exe
- from %WINDIR%\SigPlus\Cert\~GLH0008.TMP to %WINDIR%\SigPlus\Cert\swhu.exe
- from %WINDIR%\SigPlus\SigWeb\~GLH0001.TMP to %WINDIR%\SigPlus\SigWeb\SigWebSetup.msi
- from %WINDIR%\SigPlus\~GLH0000.TMP to %WINDIR%\SigPlus\TopazLicense.txt
- from %WINDIR%\SigPlus\SigWeb\~GLH0002.TMP to %WINDIR%\SigPlus\SigWeb\setup.exe
- from %WINDIR%\SigPlus\Cert\~GLH0004.TMP to %WINDIR%\SigPlus\Cert\ResetPort.bat
- from %WINDIR%\SigPlus\Cert\~GLH0003.TMP to %WINDIR%\SigPlus\Cert\ICert.bat
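Network connections (host:port; the '#' characters appear to be masking applied by the report, so these values are not complete indicators):
- 'sv.##mcb.com':80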
- '20#.#6.232.182':80
- 'wp#d':80
- 'download.windowsupdate.com':80
HTTP requests:
- http://sv.##mcb.com/sv.crt
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl via 20#.#6.232.182
- http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt via download.windowsupdate.com
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab via download.windowsupdate.com
DNS queries:
- DNS ASK sv.##mcb.com
- DNS ASK crl.microsoft.com
- DNS ASK wp#d
- DNS ASK www.download.windowsupdate.com
Processes launched (command lines):
- '%WINDIR%\SigPlus\SigWeb\setup.exe' /quiet
- '%ProgramFiles%\Topaz Systems Inc\SigWeb\SigWeb.exe'
- '%WINDIR%\SigPlus\Cert\swuc.exe'
- 'C:\Software\SigWeb.exe' AA
- '%TEMP%\GLB1.tmp' AA4736 C:\Software\SigWeb.exe
- '<SYSTEM32>\msiexec.exe' -Embedding 05B5D5A7465691275CF1A8B653C9F50A M Global\MSI0000
- '<SYSTEM32>\svchost.exe' -k HTTPFilter
- '<SYSTEM32>\msiexec.exe' -Embedding 24A0F312D0C18C745EDEB2E1A3548E03
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -I "%WINDIR%\SigPlus\SigWeb\SigWebSetup.msi" /quiet