Trojan.Siggen32.58720

Added to the Dr.Web virus database: 2026-06-15

Description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [HKLM\SYSTEM\CurrentControlSet\Services\WinSecSrv] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\WinSecSrv] 'ImagePath' = '<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2\WinSecSrv.exe'
  • [HKLM\SYSTEM\CurrentControlSet\Services\WinSecHostSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\WinSecHostSvc] 'ImagePath' = '<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f\WinSecHost.exe'
Creates the following services
  • 'WinSecSrv' <DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2\WinSecSrv.exe
  • 'WinSecHostSvc' <DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f\WinSecHost.exe
Malicious functions
To complicate detection of its presence in the operating system,
adds antivirus exclusion:
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdA...
Modifies file system
Creates the following files
  • <DRIVERSTORE>\filerepository\swenum.inf_amd64_6b216c52a3f789e2\winsecsrv.exe
  • <DRIVERSTORE>\filerepository\wmbclass.inf_amd64_7c327d63b4089a1f\winsechost.exe
  • <DRIVERSTORE>\filerepository\vmsrvc.inf_amd64_8d438e74c519ab20\vmbusrv.exe
  • %WINDIR%\temp\.net\winsechost\af8\system.formats.asn1.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.formats.tar.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.globalization.calendars.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.globalization.extensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.globalization.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.compression.brotli.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.compression.filesystem.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.compression.zipfile.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.compression.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.filesystem.accesscontrol.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.filesystem.driveinfo.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.filesystem.primitives.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.filesystem.watcher.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.filesystem.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.isolatedstorage.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.memorymappedfiles.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.pipes.accesscontrol.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.pipes.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.unmanagedmemorystream.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.linq.expressions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.linq.parallel.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.linq.queryable.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.linq.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.memory.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.http.json.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.http.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.httplistener.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.mail.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.nameresolution.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.networkinformation.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.ping.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.primitives.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.quic.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.requests.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.security.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.servicepoint.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.sockets.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.webclient.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.webheadercollection.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.webproxy.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.websockets.client.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.websockets.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.numerics.vectors.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.numerics.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.objectmodel.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.private.corelib.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.private.datacontractserialization.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.private.uri.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.private.xml.linq.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.private.xml.dll
  • %WINDIR%\temp\__psscriptpolicytest_2hekl3ij.s2q.ps1
  • %WINDIR%\temp\__psscriptpolicytest_0vywpypw.nuk.psm1
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.dispatchproxy.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.emit.ilgeneration.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.emit.lightweight.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.emit.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.extensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.metadata.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.primitives.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.typeextensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.reflection.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.resources.reader.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.resources.resourcemanager.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.resources.writer.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.compilerservices.unsafe.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.compilerservices.visualc.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.extensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.handles.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.interopservices.javascript.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.interopservices.runtimeinformation.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.interopservices.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.intrinsics.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.loader.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.numerics.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.serialization.formatters.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.serialization.json.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.serialization.primitives.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.serialization.xml.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.serialization.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.runtime.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.accesscontrol.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.claims.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.algorithms.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.cng.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.csp.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.encoding.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.openssl.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.primitives.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.x509certificates.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.cryptography.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.principal.windows.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.principal.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.securestring.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.security.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.servicemodel.web.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.serviceprocess.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.text.encoding.codepages.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.text.encoding.extensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.text.encoding.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.text.regularexpressions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.overlapped.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.tasks.dataflow.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.tasks.extensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.tasks.parallel.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.tasks.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.thread.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.threadpool.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.timer.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.transactions.local.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.transactions.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.valuetuple.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.web.httputility.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.web.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.windows.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.linq.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.readerwriter.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.serialization.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.xdocument.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.xpath.xdocument.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.xpath.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.xmldocument.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.xmlserializer.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.xml.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.dll
  • %WINDIR%\temp\.net\winsechost\af8\windowsbase.dll
  • %WINDIR%\temp\.net\winsechost\af8\mscorlib.dll
  • %WINDIR%\temp\.net\winsechost\af8\netstandard.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.connections.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.http.connections.client.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.http.connections.common.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.signalr.client.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.signalr.client.core.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.signalr.common.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.aspnetcore.signalr.protocols.json.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.bcl.asyncinterfaces.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.bcl.timeprovider.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.binder.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.commandline.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.environmentvariables.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.fileextensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.json.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.configuration.usersecrets.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.dependencyinjection.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.dependencyinjection.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.diagnostics.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.diagnostics.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.features.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.fileproviders.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.fileproviders.physical.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.filesystemglobbing.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.hosting.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.hosting.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.hosting.windowsservices.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.abstractions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.configuration.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.console.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.debug.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.eventlog.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.logging.eventsource.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.options.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.options.configurationextensions.dll
  • %WINDIR%\temp\.net\winsechost\af8\microsoft.extensions.primitives.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.extensions.logging.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.extensions.logging.file.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.formatting.compact.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.sinks.async.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.sinks.file.dll
  • %WINDIR%\temp\.net\winsechost\af8\serilog.sinks.rollingfile.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.codedom.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.diagnostics.diagnosticsource.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.diagnostics.eventlog.messages.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.diagnostics.eventlog.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.io.pipelines.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.management.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.net.serversentevents.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.serviceprocess.servicecontroller.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.text.encodings.web.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.text.json.dll
  • %WINDIR%\temp\.net\winsechost\af8\system.threading.channels.dll
  • %WINDIR%\temp\.net\winsechost\af8\winsecsrv.deps.json
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-51-816.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-52-107.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-52-192.dump
  • %ALLUSERSPROFILE%\microsoft\diagnosis\scripts\netdiag\torrc
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-54-486.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-54-986.dump
  • %WINDIR%\temp\__psscriptpolicytest_hc25l3b0.b5c.ps1
  • %WINDIR%\temp\__psscriptpolicytest_ygwikfwq.epv.psm1
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-56-151.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-56-271.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-56-411.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-56-841.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-51-58-436.dump
  • %WINDIR%\temp\__psscriptpolicytest_igesrsvb.ybz.ps1
  • %WINDIR%\temp\__psscriptpolicytest_ylipmxtl.gfy.psm1
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-00-709.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-00-878.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-01-560.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-01-647.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-03-598.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-03-638.dump
  • %WINDIR%\temp\__psscriptpolicytest_m1afa10m.ry1.ps1
  • %WINDIR%\temp\__psscriptpolicytest_ag1p5bru.r1t.psm1
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-03-962.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-04-071.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-122.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-04-165.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-165.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-04-276.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-276.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-04-373.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-383.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-513.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-598.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-830.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-862.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-894.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-915.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-04-947.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-04-989.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-05-091.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-05-169.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-05-169.dump
  • <SYSTEM32>\config\systemprofile\appdata\local\microsoft\windows\powershell\moduleanalysiscache
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-08-998.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-08-998.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-153.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-153.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-200.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-200.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-215.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-215.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-231.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-231.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-285.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-300.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-338.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-338.dump
  • %WINDIR%\temp\content\848-2176-powershell.exe-16-52-09-486.dump
  • %WINDIR%\temp\content\840-2908-powershell.exe-16-52-09-486.dump
  • <SYSTEM32>\config\systemprofile\appdata\local\microsoft\windows\powershell\startupprofiledata-noninteractive
Sets the 'hidden' attribute to the following files
  • <DRIVERSTORE>\filerepository\swenum.inf_amd64_6b216c52a3f789e2\winsecsrv.exe
  • <DRIVERSTORE>\filerepository\wmbclass.inf_amd64_7c327d63b4089a1f\winsechost.exe
  • <DRIVERSTORE>\filerepository\vmsrvc.inf_amd64_8d438e74c519ab20\vmbusrv.exe
Deletes the following files that it created itself
  • %WINDIR%\temp\__psscriptpolicytest_2hekl3ij.s2q.ps1
  • %WINDIR%\temp\__psscriptpolicytest_0vywpypw.nuk.psm1
  • %WINDIR%\temp\__psscriptpolicytest_hc25l3b0.b5c.ps1
  • %WINDIR%\temp\__psscriptpolicytest_ygwikfwq.epv.psm1
  • %WINDIR%\temp\__psscriptpolicytest_igesrsvb.ybz.ps1
  • %WINDIR%\temp\__psscriptpolicytest_ylipmxtl.gfy.psm1
  • %WINDIR%\temp\__psscriptpolicytest_m1afa10m.ry1.ps1
  • %WINDIR%\temp\__psscriptpolicytest_ag1p5bru.r1t.psm1
Network activity
UDP
  • DNS ASK ar#####.torproject.org
  • DNS ASK to#.eff.org
Miscellaneous
Creates and executes the following
  • '<DRIVERSTORE>\filerepository\swenum.inf_amd64_6b216c52a3f789e2\winsecsrv.exe'
  • '<DRIVERSTORE>\filerepository\wmbclass.inf_amd64_7c327d63b4089a1f\winsechost.exe'
Executes the following
  • '<SYSTEM32>\cmd.exe' /c takeown /f "<DRIVERSTORE>\FileRepository" /a
  • '<SYSTEM32>\takeown.exe' /f "<DRIVERSTORE>\FileRepository" /a
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository" /grant Administrators:(OI)(CI)F /t
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository" /grant Administrators:(OI)(CI)F /t
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2" /grant Administrators:F
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2" /grant Administrators:F
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f" /grant Administrators:F
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f" /grant Administrators:F
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\vmsrvc.inf_amd64_8d438e74c519ab20" /grant Administrators:F
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\vmsrvc.inf_amd64_8d438e74c519ab20" /grant Administrators:F
  • '<SYSTEM32>\cmd.exe' /c sc stop "WinSecSrv"
  • '<SYSTEM32>\sc.exe' stop "WinSecSrv"
  • '<SYSTEM32>\cmd.exe' /c sc stop "WinSecHostSvc"
  • '<SYSTEM32>\sc.exe' stop "WinSecHostSvc"
  • '<SYSTEM32>\cmd.exe' /c sc create "WinSecSrv" binPath= "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2\WinSecSrv.exe" start= delayed-auto
  • '<SYSTEM32>\sc.exe' create "WinSecSrv" binPath= "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2\WinSecSrv.exe" start= delayed-auto
  • '<SYSTEM32>\cmd.exe' /c sc config "WinSecSrv" DisplayName= "Windows Security Service"
  • '<SYSTEM32>\sc.exe' config "WinSecSrv" DisplayName= "Windows Security Service"
  • '<SYSTEM32>\cmd.exe' /c sc description "WinSecSrv" "Windows Güvenlik Merkezi için güvenlik yapılandırması ve telemetri verilerini yönetir. Bu hizmetin durdurulması güvenlik açıklarına yol açabi...
  • '<SYSTEM32>\sc.exe' description "WinSecSrv" "Windows Güvenlik Merkezi için güvenlik yapılandırması ve telemetri verilerini yönetir. Bu hizmetin durdurulması güvenlik açıklarına yol açabilir."
  • '<SYSTEM32>\cmd.exe' /c sc failure "WinSecSrv" reset= 86400 actions= restart/60000/restart/60000/restart/60000
  • '<SYSTEM32>\sc.exe' failure "WinSecSrv" reset= 86400 actions= restart/60000/restart/60000/restart/60000
  • '<SYSTEM32>\cmd.exe' /c sc create "WinSecHostSvc" binPath= "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f\WinSecHost.exe" start= delayed-auto obj= LocalSystem
  • '<SYSTEM32>\sc.exe' create "WinSecHostSvc" binPath= "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f\WinSecHost.exe" start= delayed-auto obj= LocalSystem
  • '<SYSTEM32>\cmd.exe' /c sc config "WinSecHostSvc" DisplayName= "Windows Security Host Service"
  • '<SYSTEM32>\sc.exe' config "WinSecHostSvc" DisplayName= "Windows Security Host Service"
  • '<SYSTEM32>\cmd.exe' /c sc description "WinSecHostSvc" "Yerel sistemdeki güvenlik bileşenlerinin kararlılığını denetler ve çöken bileşenleri onarır."
  • '<SYSTEM32>\sc.exe' description "WinSecHostSvc" "Yerel sistemdeki güvenlik bileşenlerinin kararlılığını denetler ve çöken bileşenleri onarır."
  • '<SYSTEM32>\cmd.exe' /c sc failure "WinSecHostSvc" reset= 86400 actions= restart/60000/restart/60000/restart/60000
  • '<SYSTEM32>\sc.exe' failure "WinSecHostSvc" reset= 86400 actions= restart/60000/restart/60000/restart/60000
  • '<SYSTEM32>\cmd.exe' /c sc start "WinSecSrv"
  • '<SYSTEM32>\sc.exe' start "WinSecSrv"
  • '<SYSTEM32>\cmd.exe' /c sc start "WinSecHostSvc"
  • '<SYSTEM32>\sc.exe' start "WinSecHostSvc"
  • '<SYSTEM32>\cmd.exe' /c powershell -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACcAQwA6AFwAUAByAG8AZwBy...
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2" /remove Administrators
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2" /remove Administrators
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f" /remove Administrators
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f" /remove Administrators
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\vmsrvc.inf_amd64_8d438e74c519ab20" /remove Administrators
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\vmsrvc.inf_amd64_8d438e74c519ab20" /remove Administrators
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository" /remove Administrators /t
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository" /remove Administrators /t
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\swenum.inf_amd64_6b216c52a3f789e2" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\wmbclass.inf_amd64_7c327d63b4089a1f" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository\vmsrvc.inf_amd64_8d438e74c519ab20" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository\vmsrvc.inf_amd64_8d438e74c519ab20" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\cmd.exe' /c icacls "<DRIVERSTORE>\FileRepository" /setowner "NT SERVICE\TrustedInstaller"
  • '<SYSTEM32>\icacls.exe' "<DRIVERSTORE>\FileRepository" /setowner "NT SERVICE\TrustedInstaller"

Curing recommendations

  1. If the operating system can be booted (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot be booted, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk, or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by ransomware of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that interferes with normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • turn the device off and turn it back on in normal mode.
