Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\1C Update Service] 'Start' = '00000002'
- '%PROGRAM_FILES%\1cupdsrv\1cupdsrv.exe'
- 'C:\1cUpdate\1cUpdate_bat.exe'
- '%PROGRAM_FILES%\1cupdsrv\1cupdsrv.exe' -installforce
- 'C:\1cUpdate\vcredist_x86.exe' /qb!
- 'C:\7826914043a9f21074\install.exe' /qb!
- '<SYSTEM32>\msiexec.exe' -Embedding 4E528927B7E9331771C23491275EFCAA
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\cmd.exe' /c ""C:\1cUpdate\install.bat" "
- C:\install.res.1042.dll
- C:\eula.2052.txt
- C:\eula.1028.txt
- C:\install.res.1041.dll
- C:\install.res.3082.dll
- C:\install.res.1036.dll
- C:\install.res.1040.dll
- C:\eula.1031.txt
- C:\eula.1041.txt
- C:\eula.1042.txt
- C:\globdata.ini
- C:\eula.1040.txt
- C:\eula.1033.txt
- C:\eula.3082.txt
- C:\eula.1036.txt
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a.cat
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a.cat
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.cat
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9.cat
- %WINDIR%\Installer\MSI2.tmp
- C:\Config.Msi\5218c.rbs
- %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.21022.8.cat
- C:\install.res.1028.dll
- C:\install.res.1031.dll
- C:\install.res.1033.dll
- C:\install.res.2052.dll
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.21022.8.cat
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.21022.8.cat
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.21022.8.cat
- C:\install.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.21022.8.policy
- %WINDIR%\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A\9.0.21022\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
- %TEMP%\VWL5.tmp
- %PROGRAM_FILES%\1cupdsrv\1cupdsrv.exe
- %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.21022.8.policy
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.21022.8.policy
- %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.21022.8.policy
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9.manifest
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a.manifest
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a.manifest
- C:\VC_RED.cab
- C:\install.ini
- C:\VC_RED.MSI
- C:\vcredist.bmp
- %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.manifest
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
- %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\RestorePointSize
- C:\7826914043a9f21074\eula.1040.txt
- C:\7826914043a9f21074\eula.1036.txt
- C:\7826914043a9f21074\eula.3082.txt
- C:\7826914043a9f21074\eula.1041.txt
- C:\7826914043a9f21074\install.res.2052.dll
- C:\7826914043a9f21074\eula.1033.txt
- C:\7826914043a9f21074\eula.1042.txt
- C:\7826914043a9f21074\eula.1031.txt
- C:\7826914043a9f21074\vcredist.bmp
- C:\7826914043a9f21074\$shtdwn$.req
- %TEMP%\dd_vcredistUI326A.txt
- C:\7826914043a9f21074\install.ini
- C:\7826914043a9f21074\eula.1028.txt
- C:\7826914043a9f21074\eula.2052.txt
- C:\7826914043a9f21074\globdata.ini
- C:\7826914043a9f21074\vc_red.cab
- C:\7826914043a9f21074\vc_red.msi
- C:\7826914043a9f21074\install.exe
- C:\1cUpdate\vcredist_x86.exe
- C:\1cUpdate\1cUpdate_bat.exe
- C:\1cUpdate\1cupdsrv.exe
- C:\1cUpdate\install.bat
- C:\7826914043a9f21074\install.res.1033.dll
- C:\7826914043a9f21074\install.res.3082.dll
- C:\7826914043a9f21074\install.res.1031.dll
- C:\7826914043a9f21074\install.res.1028.dll
- C:\7826914043a9f21074\install.res.1036.dll
- C:\7826914043a9f21074\install.res.1042.dll
- C:\7826914043a9f21074\install.res.1041.dll
- C:\7826914043a9f21074\install.res.1040.dll
- %TEMP%\dd_vcredistMSI326A.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\drivetable.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
- %WINDIR%\Installer\MSI1.tmp
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\rp.log
- %WINDIR%\Installer\52189.msi
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
- C:\7826914043a9f21074\install.res.1028.dll
- C:\7826914043a9f21074\install.res.2052.dll
- C:\7826914043a9f21074\install.res.3082.dll
- C:\7826914043a9f21074\install.res.1031.dll
- C:\7826914043a9f21074\eula.1041.txt
- C:\7826914043a9f21074\eula.1040.txt
- C:\7826914043a9f21074\eula.1033.txt
- C:\7826914043a9f21074\eula.1042.txt
- C:\7826914043a9f21074\install.exe
- C:\7826914043a9f21074\install.res.1033.dll
- C:\7826914043a9f21074\vc_red.cab
- C:\7826914043a9f21074\vc_red.msi
- C:\7826914043a9f21074\install.res.1040.dll
- C:\7826914043a9f21074\install.res.1036.dll
- C:\7826914043a9f21074\install.res.1042.dll
- C:\7826914043a9f21074\install.res.1041.dll
- %WINDIR%\Installer\52189.msi
- C:\Config.Msi\5218c.rbs
- %TEMP%\VWL5.tmp
- %WINDIR%\Installer\5218b.ipi
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- C:\Config.Msi\5218e.rbf
- C:\Config.Msi\5218d.rbf
- C:\7826914043a9f21074\eula.1031.txt
- C:\7826914043a9f21074\eula.1028.txt
- C:\7826914043a9f21074\eula.1036.txt
- C:\7826914043a9f21074\eula.3082.txt
- C:\7826914043a9f21074\install.ini
- C:\7826914043a9f21074\vcredist.bmp
- C:\7826914043a9f21074\eula.2052.txt
- C:\7826914043a9f21074\globdata.ini
- from %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.21022.8.cat to C:\Config.Msi\5218e.rbf
- from %WINDIR%\WinSxS\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375.cat to C:\Config.Msi\5218d.rbf
- '20#.#6.232.182':80
- 'wp#d':80
- 20#.#6.232.182/pki/crl/products/CSPCA.crl
- wp#d/wpad.dat
- DNS ASK crl.microsoft.com
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'