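Technical Information
The entries below mix file-system paths, network endpoints, a window class/name entry and process command lines. The labels that originally grouped them are not present on this page, so it does not state whether a listed file was created, modified or deleted. Several %WINDIR%\Installer and C:\Config.Msi paths appear twice, which suggests they belonged to two separate groups. Characters shown as # appear to be masked.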
- %TEMP%\RarSFX0\Desintalador2.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\2900b.msi
- %WINDIR%\Installer\MSIA.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %WINDIR%\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}\RichUpload.ico
- %WINDIR%\Installer\2900a.msi
- C:\Config.Msi\29009.rbs
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\OBJECTS.MAP
- %WINDIR%\Installer\MSI7.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\FS\INDEX.BTR
- %WINDIR%\Installer\29008.ipi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\Repository\$WinMgmt.CFG
- %ProgramFiles%\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll
- %WINDIR%\Installer\29006.msi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_.DEFAULT
- %APPDATA%\Microsoft\Protect\CREDHIST
- %CommonProgramFiles%\Microsoft Shared\Windows Live\LogicalDevice.dll
- %CommonProgramFiles%\Microsoft Shared\Windows Live\HWDeviceLogin.dll
- %CommonProgramFiles%\Microsoft Shared\Windows Live\WLLoginProxy.exe
- %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
- %APPDATA%\Microsoft\IdentityCRL\production\ppcrlconfig.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
- %CommonProgramFiles%\Microsoft Shared\Windows Live\msidcrl40.dll
- C:\Config.Msi\2900e.rbs
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\INDEX.BTR
- %WINDIR%\Installer\2900d.ipi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_MACHINE_SOFTWARE
- %WINDIR%\Installer\MSIC.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- %WINDIR%\Installer\2900f.msi
- %WINDIR%\Installer\29003.ipi
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\29001.msi
- %HOMEPATH%\Desktop\Windows Live Mail.lnk
- %TEMP%\RarSFX0\wllogin.msi
- %TEMP%\RarSFX0\SpamFilterData.msi
- %TEMP%\RarSFX0\SegoeFont.msi
- %TEMP%\RarSFX0\RichUpload.msi
- %TEMP%\RarSFX0\Mail.msi
- %TEMP%\RarSFX0\lagerencia2.bat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP18\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP17\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- %WINDIR%\Installer\MSI6.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- %WINDIR%\Installer\29005.msi
- %WINDIR%\Fonts\segoeuiz.ttf
- %WINDIR%\Fonts\segoeuii.ttf
- %WINDIR%\Fonts\segoeuib.ttf
- %WINDIR%\Fonts\segoeui.ttf
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\Config.Msi\29004.rbs
- %WINDIR%\Installer\MSI2.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}\prodicon.ico
- %WINDIR%\Installer\MSI1.tmp
- C:\Config.Msi\2900e.rbs
- %WINDIR%\Installer\MSIC.tmp
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\29008.ipi
- %WINDIR%\Installer\29006.msi
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\2900b.msi
- C:\Config.Msi\29009.rbs
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\29003.ipi
- %WINDIR%\Installer\29001.msi
- C:\Config.Msi\29004.rbs
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\2900d.ipi
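Network activity (the wpad.dat request is proxy auto-discovery and the crl.microsoft.com request fetches a certificate revocation list; Windows commonly generates both itself, so on their own they are weak indicators):
- 'wp#d':80
- '20#.#6.232.182':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl via 20#.#6.232.182
- DNS ASK wp#d
- DNS ASK crl.microsoft.com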
- ClassName: 'EDIT' WindowName: ''
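Process command lines (msiexec /i with /qb installs a package with a reduced UI; msiexec /Y registers a DLL):
- '%CommonProgramFiles%\Microsoft Shared\Windows Live\WLLoginProxy.exe' -regserver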
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\lagerencia2.bat" "
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\RarSFX0\SegoeFont.msi" /qb
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding 7DDC18DFBBC063B631333281C7B605DF
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\RarSFX0\RichUpload.msi" /qb
- '<SYSTEM32>\msiexec.exe' -Embedding C11CDD17BA539F960FA485819C429D24
- '<SYSTEM32>\msiexec.exe' /i "%TEMP%\RarSFX0\wllogin.msi" /qb
- '<SYSTEM32>\msiexec.exe' -Embedding 465E15ADDB29346D5E61F50EF4D70011
- '<SYSTEM32>\msiexec.exe' /Y "%CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
- '<SYSTEM32>\msiexec.exe' /Y "%CommonProgramFiles%\Microsoft Shared\Windows Live\HWDeviceLogin.dll"
- '<SYSTEM32>\msiexec.exe' /Y "%CommonProgramFiles%\Microsoft Shared\Windows Live\LogicalDevice.dll"