Trojan.Inject4.31909

Technical Information

Malicious functions

Injects code into

the following user processes:

audio hd control.exe

Modifies file system

Creates the following files

%APPDATA%\audio hd control.exe

Sets the 'hidden' attribute to the following files

<Full path to file>
%APPDATA%\audio hd control.exe

Moves the following files

from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk to %APPDATA%\random\google chrome.lnk
from C:\users\public\desktop\opera.lnk to %APPDATA%\random\default\opera.lnk
from C:\users\public\desktop\mozilla thunderbird.lnk to %APPDATA%\random\default\mozilla thunderbird.lnk
from C:\users\public\desktop\mozilla firefox.lnk to %APPDATA%\random\default\mozilla firefox.lnk
from C:\users\public\desktop\mirc.lnk to %APPDATA%\random\default\mirc.lnk
from C:\users\public\desktop\google chrome.lnk to %APPDATA%\random\default\google chrome.lnk
from C:\users\public\desktop\acrobat reader dc.lnk to %APPDATA%\random\default\acrobat reader dc.lnk
from %HOMEPATH%\desktop\total commander 64 bit.lnk to %APPDATA%\random\default\total commander 64 bit.lnk
from %HOMEPATH%\desktop\telegram.lnk to %APPDATA%\random\default\telegram.lnk
from %HOMEPATH%\desktop\qip 2012.lnk to %APPDATA%\random\default\qip 2012.lnk
from %HOMEPATH%\desktop\mail.ru agent.lnk to %APPDATA%\random\default\mail.ru agent.lnk
from %HOMEPATH%\desktop\icq.lnk to %APPDATA%\random\default\icq.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\window switcher.lnk to %APPDATA%\random\optional\window switcher.lnk
from C:\users\public\desktop\steam.lnk to %APPDATA%\random\default\steam.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\winamp.lnk to %APPDATA%\random\optional\winamp.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\qip 2012.lnk to %APPDATA%\random\optional\qip 2012.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\mozilla thunderbird.lnk to %APPDATA%\random\optional\mozilla thunderbird.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\mail.ru agent.lnk to %APPDATA%\random\optional\mail.ru agent.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk to %APPDATA%\random\optional\launch internet explorer browser.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\icq.lnk to %APPDATA%\random\optional\icq.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk to %APPDATA%\random\optional\google chrome.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk to %APPDATA%\random\windows media player.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk to %APPDATA%\random\windows explorer.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\opera.lnk to %APPDATA%\random\opera.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\mail.ru agent.lnk to %APPDATA%\random\mail.ru agent.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk to %APPDATA%\random\internet explorer.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\icq.lnk to %APPDATA%\random\icq.lnk
from %APPDATA%\microsoft\internet explorer\quick launch\shows desktop.lnk to %APPDATA%\random\optional\shows desktop.lnk
from C:\users\public\desktop\winamp.lnk to %APPDATA%\random\default\winamp.lnk

Network activity

Connects to

'an#####is1.duckdns.org':3333
'an#####is11.duckdns.org':3333
'an######s111.duckdns.org':3333

UDP

DNS ASK an#####is1.duckdns.org
DNS ASK an#####is11.duckdns.org
DNS ASK an######s111.duckdns.org

Miscellaneous

Creates and executes the following

'%APPDATA%\audio hd control.exe'
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESCB.tmp" "%TEMP%\vbc691B730337884A3FB175DFE0809742F7.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\dqnbrjl3.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES859.tmp" "%TEMP%\vbc3AC342D9E2E49B7BE1280A6177E826.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\shw2g12e.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEBF.tmp" "%TEMP%\vbc8B27D5FB9ECF455EAD3F5A7ED61BA97.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\wejbffhr.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES146A.tmp" "%TEMP%\vbc3C550683493D435BB45D31C38CF48D5.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\yptpc4ds.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES19B7.tmp" "%TEMP%\vbcB3A0278C6A6641A9BB77C434EB6FECD.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\xsdz2lux.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1F71.tmp" "%TEMP%\vbcE95E09C68B704E42BEF02CAB9FF6E7.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2625.tmp" "%TEMP%\vbc1ED9284E977648548A62D99EEC5FE241.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES473C.tmp" "%TEMP%\vbc8D5A7B82109644E2B32EF236D55C640.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\akbkjdbc.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2CD9.tmp" "%TEMP%\vbcEE9678F9FB334113A37734659DE7ABD2.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\posnmqdq.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES32D2.tmp" "%TEMP%\vbcC10803B1B6E4823A69141E14124670.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\5liywx00.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES37F1.tmp" "%TEMP%\vbcD71DBFA231584D26B2B935F05D3EBA21.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\sv1crm5r.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3CF0.tmp" "%TEMP%\vbcBFB3C4ACCFEF400692737B2F118F70DA.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\hvoc4erf.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES41B1.tmp" "%TEMP%\vbc78812CB1F79A4D43AA74D7924687A8D.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\sskgzfv5.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\buz4r0ps.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\iygumga0.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFAA3.tmp" "%TEMP%\vbc42F15E9951CC4A0196E5EEF166BB436C.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\jhmrwu02.cmdline"' (with hidden window)
'%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "Audio HD Control" /tr "%APPDATA%\Audio HD Control.exe"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\nsuco4lk.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESAA14.tmp" "%TEMP%\vbcA999B6DCACC947D084AE665B268149D7.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\rytjhdz5.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB24E.tmp" "%TEMP%\vbcBE178302708D4E988D874705D8E8673.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\onslc1tb.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB98E.tmp" "%TEMP%\vbc88633440608A419F98912B1DE6132F60.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\a0sl0xbj.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC081.tmp" "%TEMP%\vbc65CC5634CC7848F0B6A0E03D5132C72.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\2evemepk.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC84D.tmp" "%TEMP%\vbcDB945B6D900E4FEFBAD8221213181EB.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD049.tmp" "%TEMP%\vbc4AEC3CD6B4424DFAB4173251CF88BEA7.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF4BA.tmp" "%TEMP%\vbcA373A385DA94854988B2AA4E8F1F33.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\gtw4sqae.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD7D7.tmp" "%TEMP%\vbc112B641E320946F8BF93CC464B2D4ED.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\kbaf21g2.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDDFF.tmp" "%TEMP%\vbcBA0363FDACF94ED881679699777FF40.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\1dneqftn.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE417.tmp" "%TEMP%\vbc41D148BDDAC44E6DB0E4E347F8F9B093.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\t424etst.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE9B2.tmp" "%TEMP%\vbc8676F75272824C4EADABB44C14AA3295.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\1f0r1wjk.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEF4D.tmp" "%TEMP%\vbc4F1CB9C6DAA44BA09CB7EC58C2B4EC9.TMP"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\fm1vxyv5.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\v2gdxiyg.cmdline"' (with hidden window)
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\0zonbg0p.cmdline"' (with hidden window)

Executes the following

'%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "Audio HD Control" /tr "%APPDATA%\Audio HD Control.exe"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES859.tmp" "%TEMP%\vbc3AC342D9E2E49B7BE1280A6177E826.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\shw2g12e.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEBF.tmp" "%TEMP%\vbc8B27D5FB9ECF455EAD3F5A7ED61BA97.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\wejbffhr.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES146A.tmp" "%TEMP%\vbc3C550683493D435BB45D31C38CF48D5.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\yptpc4ds.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES19B7.tmp" "%TEMP%\vbcB3A0278C6A6641A9BB77C434EB6FECD.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\xsdz2lux.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1F71.tmp" "%TEMP%\vbcE95E09C68B704E42BEF02CAB9FF6E7.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\iygumga0.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\gtw4sqae.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2625.tmp" "%TEMP%\vbc1ED9284E977648548A62D99EEC5FE241.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2CD9.tmp" "%TEMP%\vbcEE9678F9FB334113A37734659DE7ABD2.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\posnmqdq.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES32D2.tmp" "%TEMP%\vbcC10803B1B6E4823A69141E14124670.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\5liywx00.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES37F1.tmp" "%TEMP%\vbcD71DBFA231584D26B2B935F05D3EBA21.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\sv1crm5r.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3CF0.tmp" "%TEMP%\vbcBFB3C4ACCFEF400692737B2F118F70DA.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\hvoc4erf.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES41B1.tmp" "%TEMP%\vbc78812CB1F79A4D43AA74D7924687A8D.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\sskgzfv5.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESCB.tmp" "%TEMP%\vbc691B730337884A3FB175DFE0809742F7.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\dqnbrjl3.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\buz4r0ps.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFAA3.tmp" "%TEMP%\vbc42F15E9951CC4A0196E5EEF166BB436C.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\v2gdxiyg.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESAA14.tmp" "%TEMP%\vbcA999B6DCACC947D084AE665B268149D7.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\rytjhdz5.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB24E.tmp" "%TEMP%\vbcBE178302708D4E988D874705D8E8673.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\onslc1tb.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB98E.tmp" "%TEMP%\vbc88633440608A419F98912B1DE6132F60.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\a0sl0xbj.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC081.tmp" "%TEMP%\vbc65CC5634CC7848F0B6A0E03D5132C72.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\2evemepk.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC84D.tmp" "%TEMP%\vbcDB945B6D900E4FEFBAD8221213181EB.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\jhmrwu02.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES473C.tmp" "%TEMP%\vbc8D5A7B82109644E2B32EF236D55C640.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\akbkjdbc.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD049.tmp" "%TEMP%\vbc4AEC3CD6B4424DFAB4173251CF88BEA7.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\kbaf21g2.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDDFF.tmp" "%TEMP%\vbcBA0363FDACF94ED881679699777FF40.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\1dneqftn.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE417.tmp" "%TEMP%\vbc41D148BDDAC44E6DB0E4E347F8F9B093.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\t424etst.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE9B2.tmp" "%TEMP%\vbc8676F75272824C4EADABB44C14AA3295.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\1f0r1wjk.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESEF4D.tmp" "%TEMP%\vbc4F1CB9C6DAA44BA09CB7EC58C2B4EC9.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\fm1vxyv5.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF4BA.tmp" "%TEMP%\vbcA373A385DA94854988B2AA4E8F1F33.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\nsuco4lk.cmdline"
'%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD7D7.tmp" "%TEMP%\vbc112B641E320946F8BF93CC464B2D4ED.TMP"
'%WINDIR%\microsoft.net\framework\v4.0.30319\vbc.exe' /noconfig @"%TEMP%\0zonbg0p.cmdline"

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней