Trojan.DownLoader30.29976

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CISCO' = '%APPDATA%\CISCO.exe'

Creates or modifies the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\cisco.exe
%APPDATA%\microsoft\windows\start menu\programs\startup\cisco.lnk
<SYSTEM32>\tasks\cisco

Modifies file system

Creates the following files

%APPDATA%\cisco.exe
%TEMP%\hwyoa_jv.0.vb
%TEMP%\hwyoa_jv.cmdline
%TEMP%\hwyoa_jv.out
%TEMP%\vbc22c7.tmp
%TEMP%\res22d8.tmp
%APPDATA%\cisco\windows explorer.exe
%TEMP%\r_g8i3um.0.vb
%TEMP%\r_g8i3um.cmdline
%TEMP%\r_g8i3um.out
%TEMP%\vbc2671.tmp
%TEMP%\res2672.tmp
%APPDATA%\cisco\windows media player.exe
%TEMP%\ypenyscb.0.vb
%TEMP%\ypenyscb.cmdline
%TEMP%\ypenyscb.out
%TEMP%\vbc2a1a.tmp
%TEMP%\res2a1b.tmp
%TEMP%\0bxvuhx3.0.vb
%APPDATA%\cisco\cisco\launch internet explorer browser.exe
%TEMP%\res3391.tmp
%TEMP%\vbc3390.tmp
%TEMP%\m1liwign.out
%TEMP%\m1liwign.cmdline
%APPDATA%\cisco\cisco\icq.exe
%TEMP%\m1liwign.0.vb
%TEMP%\res2d67.tmp
%TEMP%\vbc2d56.tmp
%TEMP%\3az-tsqi.out
%TEMP%\3az-tsqi.cmdline
%TEMP%\3az-tsqi.0.vb
%APPDATA%\cisco\cisco\google chrome.exe
%TEMP%\0bxvuhx3.cmdline
%APPDATA%\cisco\opera.exe
%TEMP%\res1f0f.tmp
%TEMP%\vbc1f0e.tmp
%TEMP%\ewjvbanb.0.vb
%TEMP%\ewjvbanb.cmdline
%TEMP%\ewjvbanb.out
%TEMP%\vbc898.tmp
%TEMP%\res899.tmp
%TEMP%\i0f206qt.0.vb
%TEMP%\i0f206qt.cmdline
%TEMP%\i0f206qt.out
%TEMP%\vbcd2c.tmp
%TEMP%\resd2d.tmp
%APPDATA%\cisco\google chrome.exe
%TEMP%\yuz_de-0.0.vb
%TEMP%\yuz_de-0.cmdline
%TEMP%\yuz_de-0.out
%TEMP%\vbc11fe.tmp
%TEMP%\res11ff.tmp
%APPDATA%\cisco\icq.exe
%TEMP%\thjeuehv.cmdline
%TEMP%\thjeuehv.0.vb
%APPDATA%\cisco\mail.ru agent.exe
%TEMP%\res1b46.tmp
%TEMP%\vbc1b45.tmp
%TEMP%\frrtufbd.out
%TEMP%\frrtufbd.0.vb
%TEMP%\frrtufbd.cmdline
%APPDATA%\cisco\internet explorer.exe
%TEMP%\res157a.tmp
%TEMP%\vbc1579.tmp
%TEMP%\kidxpwg5.out
%TEMP%\kidxpwg5.cmdline
%TEMP%\kidxpwg5.0.vb
%TEMP%\thjeuehv.out
%TEMP%\0bxvuhx3.out

Deletes the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\cisco.exe
%TEMP%\vbc22c7.tmp
%TEMP%\hwyoa_jv.0.vb
%TEMP%\hwyoa_jv.out
%TEMP%\hwyoa_jv.cmdline
%TEMP%\res2672.tmp
%TEMP%\vbc2671.tmp
%TEMP%\r_g8i3um.cmdline
%TEMP%\r_g8i3um.0.vb
%TEMP%\r_g8i3um.out
%TEMP%\res2a1b.tmp
%TEMP%\vbc2a1a.tmp
%TEMP%\ypenyscb.0.vb
%TEMP%\ypenyscb.out
%TEMP%\ypenyscb.cmdline
%TEMP%\res2d67.tmp
%TEMP%\vbc2d56.tmp
%TEMP%\3az-tsqi.cmdline
%TEMP%\3az-tsqi.out
%TEMP%\3az-tsqi.0.vb
%TEMP%\res3391.tmp
%TEMP%\vbc3390.tmp
%TEMP%\m1liwign.out
%TEMP%\m1liwign.cmdline
%TEMP%\m1liwign.0.vb
%TEMP%\0bxvuhx3.cmdline
%TEMP%\0bxvuhx3.0.vb
%TEMP%\0bxvuhx3.out
%TEMP%\res22d8.tmp
%APPDATA%\cisco\cisco\icq.exe
%TEMP%\thjeuehv.0.vb
%TEMP%\thjeuehv.out
%TEMP%\res899.tmp
%TEMP%\vbc898.tmp
%TEMP%\ewjvbanb.cmdline
%TEMP%\ewjvbanb.out
%TEMP%\ewjvbanb.0.vb
%TEMP%\resd2d.tmp
%TEMP%\vbcd2c.tmp
%TEMP%\i0f206qt.cmdline
%TEMP%\i0f206qt.0.vb
%TEMP%\i0f206qt.out
%TEMP%\res11ff.tmp
%TEMP%\vbc11fe.tmp
%TEMP%\yuz_de-0.cmdline
%TEMP%\yuz_de-0.out
%TEMP%\yuz_de-0.0.vb
%TEMP%\res157a.tmp
%TEMP%\vbc1579.tmp
%TEMP%\kidxpwg5.cmdline
%TEMP%\kidxpwg5.0.vb
%TEMP%\kidxpwg5.out
%TEMP%\res1b46.tmp
%TEMP%\vbc1b45.tmp
%TEMP%\frrtufbd.cmdline
%TEMP%\frrtufbd.out
%TEMP%\frrtufbd.0.vb
%TEMP%\res1f0f.tmp
%TEMP%\vbc1f0e.tmp
%TEMP%\thjeuehv.cmdline
%APPDATA%\cisco\cisco\google chrome.exe

Moves the following files

from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk to %APPDATA%\cisco\google chrome.lnk
from C:\users\public\desktop\acrobat reader dc.lnk to %APPDATA%\cisco\cisco\acrobat reader dc.lnk
from %HOMEPATH%\desktop\total commander 64 bit.lnk to %APPDATA%\cisco\cisco\total commander 64 bit.lnk
from %HOMEPATH%\desktop\telegram.lnk to %APPDATA%\cisco\cisco\telegram.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\window switcher.lnk to %APPDATA%\cisco\cisco\window switcher.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\winamp.lnk to %APPDATA%\cisco\cisco\winamp.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\shows desktop.lnk to %APPDATA%\cisco\cisco\shows desktop.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\qip 2012.lnk to %APPDATA%\cisco\cisco\qip 2012.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\mozilla thunderbird.lnk to %APPDATA%\cisco\cisco\mozilla thunderbird.lnk
from C:\users\public\desktop\mirc.lnk to %APPDATA%\cisco\cisco\mirc.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\mail.ru agent.lnk to %APPDATA%\cisco\cisco\mail.ru agent.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\icq.lnk to %APPDATA%\cisco\cisco\icq.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk to %APPDATA%\cisco\cisco\google chrome.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk to %APPDATA%\cisco\windows media player.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk to %APPDATA%\cisco\windows explorer.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\opera.lnk to %APPDATA%\cisco\opera.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\mail.ru agent.lnk to %APPDATA%\cisco\mail.ru agent.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk to %APPDATA%\cisco\internet explorer.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\icq.lnk to %APPDATA%\cisco\icq.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk to %APPDATA%\cisco\cisco\launch internet explorer browser.lnk
from C:\users\public\desktop\mozilla firefox.lnk to %APPDATA%\cisco\cisco\mozilla firefox.lnk

Substitutes the following files

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ICQ.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru Agent.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\ICQ.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Mail.Ru Agent.lnk

Network activity

UDP

DNS ASK pe####no.ddns.net

Miscellaneous

Creates and executes the following

'%APPDATA%\cisco.exe'
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4DD0.tmp" "%TEMP%\vbc4DB0.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\a4szfl0u.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5419.tmp" "%TEMP%\vbc5418.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\jb-gzn9u.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES55DE.tmp" "%TEMP%\vbc55DD.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\xpdx495b.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5811.tmp" "%TEMP%\vbc5810.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\bwpcnvsw.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES59E6.tmp" "%TEMP%\vbc59E5.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4C2A.tmp" "%TEMP%\vbc4C29.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\b-c3ftun.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\uva-a9vf.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5F73.tmp" "%TEMP%\vbc5F63.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\eq_9nrqj.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6148.tmp" "%TEMP%\vbc6147.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\akqpjaeb.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES63C9.tmp" "%TEMP%\vbc63B8.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3bwdqqyl.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES655F.tmp" "%TEMP%\vbc655E.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ikyms0hp.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6792.tmp" "%TEMP%\vbc6791.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5BF9.tmp" "%TEMP%\vbc5BF8.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\qvxizfeu.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\2rvs53fp.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3EFB.tmp" "%TEMP%\vbc3ECB.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\0bxvuhx3.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES899.tmp" "%TEMP%\vbc898.tmp"' (with hidden window)
'<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "CISCO" /tr "%APPDATA%\CISCO.exe"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\i0f206qt.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD2D.tmp" "%TEMP%\vbcD2C.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\yuz_de-0.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES11FF.tmp" "%TEMP%\vbc11FE.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\kidxpwg5.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES157A.tmp" "%TEMP%\vbc1579.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\frrtufbd.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1B46.tmp" "%TEMP%\vbc1B45.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ewjvbanb.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\thjeuehv.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\hwyoa_jv.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES22D8.tmp" "%TEMP%\vbc22C7.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\r_g8i3um.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2672.tmp" "%TEMP%\vbc2671.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ypenyscb.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2A1B.tmp" "%TEMP%\vbc2A1A.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3az-tsqi.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2D67.tmp" "%TEMP%\vbc2D56.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\m1liwign.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3391.tmp" "%TEMP%\vbc3390.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1F0F.tmp" "%TEMP%\vbc1F0E.tmp"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\sozxrtyh.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6ADD.tmp" "%TEMP%\vbc6ADC.tmp"' (with hidden window)

Executes the following

'%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 612
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4C2A.tmp" "%TEMP%\vbc4C29.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\b-c3ftun.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4DD0.tmp" "%TEMP%\vbc4DB0.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\a4szfl0u.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5419.tmp" "%TEMP%\vbc5418.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\jb-gzn9u.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES55DE.tmp" "%TEMP%\vbc55DD.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\xpdx495b.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5811.tmp" "%TEMP%\vbc5810.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\bwpcnvsw.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES59E6.tmp" "%TEMP%\vbc59E5.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\uva-a9vf.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5BF9.tmp" "%TEMP%\vbc5BF8.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\qvxizfeu.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5F73.tmp" "%TEMP%\vbc5F63.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\eq_9nrqj.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6148.tmp" "%TEMP%\vbc6147.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\akqpjaeb.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES63C9.tmp" "%TEMP%\vbc63B8.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3bwdqqyl.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES655F.tmp" "%TEMP%\vbc655E.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ikyms0hp.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6792.tmp" "%TEMP%\vbc6791.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\2rvs53fp.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\sozxrtyh.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3EFB.tmp" "%TEMP%\vbc3ECB.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3391.tmp" "%TEMP%\vbc3390.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 724
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ewjvbanb.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES899.tmp" "%TEMP%\vbc898.tmp"
'<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "CISCO" /tr "%APPDATA%\CISCO.exe"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\i0f206qt.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD2D.tmp" "%TEMP%\vbcD2C.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\yuz_de-0.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES11FF.tmp" "%TEMP%\vbc11FE.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\kidxpwg5.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES157A.tmp" "%TEMP%\vbc1579.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\frrtufbd.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1B46.tmp" "%TEMP%\vbc1B45.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\thjeuehv.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1F0F.tmp" "%TEMP%\vbc1F0E.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\hwyoa_jv.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES22D8.tmp" "%TEMP%\vbc22C7.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\r_g8i3um.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2672.tmp" "%TEMP%\vbc2671.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ypenyscb.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2A1B.tmp" "%TEMP%\vbc2A1A.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\3az-tsqi.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2D67.tmp" "%TEMP%\vbc2D56.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\m1liwign.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\0bxvuhx3.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6ADD.tmp" "%TEMP%\vbc6ADC.tmp"

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней