Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\v...
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{01db25f3-1b76-4d97-88c8-1c90634d88fb}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\v...
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] '{615bc16d-60f5-482e-91b3-b51d8130963b}' = '"%ALLUSERSPROFILE%\Application Data\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\v...
- [<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorManagerService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorManagerService] 'ImagePath' = 'C:\Argos\Agent\Win\WebSiteMonitorManager.exe'
- [<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWatcherService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWatcherService] 'ImagePath' = 'C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe'
- [<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWebService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\WebSiteMonitorWebService] 'ImagePath' = 'C:\Argos\Agent\Win\WebSiteMonitorWebService.exe'
- %TEMP%\nsc2.tmp\nsscm.dll
- %TEMP%\nsc2.tmp\ns12.tmp
- %TEMP%\nsc2.tmp\ns13.tmp
- %TEMP%\nsc2.tmp\ns14.tmp
- %TEMP%\nsc2.tmp\ns15.tmp
- %TEMP%\nsc2.tmp\ns16.tmp
- %TEMP%\nsc2.tmp\ns17.tmp
- %TEMP%\nsc2.tmp\ns21.tmp
- %TEMP%\nsc2.tmp\ns18.tmp
- %TEMP%\nsc2.tmp\ns1a.tmp
- %TEMP%\nsc2.tmp\ns1b.tmp
- %TEMP%\nsc2.tmp\ns1c.tmp
- %TEMP%\nsc2.tmp\ns1d.tmp
- %TEMP%\nsc2.tmp\ns1e.tmp
- %TEMP%\nsc2.tmp\ns1f.tmp
- %TEMP%\nsc2.tmp\ns10.tmp
- %TEMP%\nsc2.tmp\ns11.tmp
- %TEMP%\nsc2.tmp\ns19.tmp
- %TEMP%\nsc2.tmp\ns20.tmp
- %TEMP%\nsc2.tmp\nsd.tmp
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\wixstdba.dll
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.xml
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.wxl
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\logo.png
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\license.rtf
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\bootstrapperapplicationdata.xml
- %TEMP%\dd_vcredist_x86_20190930235701.log
- %TEMP%\nsc2.tmp\ns7.tmp
- %TEMP%\nsc2.tmp\ns8.tmp
- %TEMP%\nsc2.tmp\ns9.tmp
- %TEMP%\nsc2.tmp\nsa.tmp
- %TEMP%\nsc2.tmp\nsb.tmp
- %TEMP%\nsc2.tmp\nsc.tmp
- %TEMP%\nsc2.tmp\nse.tmp
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\bootstrapperapplicationdata.xml
- %TEMP%\nsc2.tmp\nsf.tmp
- C:\argos\agent\win\log4net.xml
- %TEMP%\nsc2.tmp\ns22.tmp
- %WINDIR%\temp\mez0fdhn.cmdline
- %WINDIR%\temp\csc2d.tmp
- %WINDIR%\temp\res2e.tmp
- %WINDIR%\temp\mez0fdhn.dll
- %WINDIR%\temp\ia3uvj1g.0.cs
- %WINDIR%\temp\ia3uvj1g.cmdline
- %WINDIR%\temp\ia3uvj1g.out
- %TEMP%\nsc2.tmp\ns23.tmp
- %WINDIR%\temp\csc2f.tmp
- %WINDIR%\temp\ia3uvj1g.dll
- %WINDIR%\temp\gmgo1kr3.0.cs
- %WINDIR%\temp\gmgo1kr3.cmdline
- %WINDIR%\temp\gmgo1kr3.out
- %WINDIR%\temp\csc31.tmp
- %WINDIR%\temp\mez0fdhn.0.cs
- %WINDIR%\temp\fzbxfftq.dll
- %WINDIR%\temp\mez0fdhn.out
- %WINDIR%\temp\res2c.tmp
- %WINDIR%\temp\csc2b.tmp
- %TEMP%\nsc2.tmp\ns24.tmp
- %TEMP%\nsc2.tmp\ns26.tmp
- %TEMP%\nsc2.tmp\execcmd.dll
- %TEMP%\aspnetsetup_00001.log
- %TEMP%\rgi27.tmp
- %TEMP%\rgi28.tmp
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\license.rtf
- %TEMP%\rgi29.tmp
- %TEMP%\dd_vcredist_x86_20190930235654.log
- %WINDIR%\microsoft.net\framework\v2.0.50727\config\wsf2a.tmp
- C:\argos\agent\logs\websitemonitormanager.exe.log
- C:\argos\agent\logs\websitemonitorwatcher.exe.log
- %WINDIR%\temp\fzbxfftq.0.cs
- %WINDIR%\temp\fzbxfftq.cmdline
- %WINDIR%\temp\fzbxfftq.out
- <SYSTEM32>\perfstringbackup.tmp
- %TEMP%\nsc2.tmp\ns25.tmp
- C:\argos\agent\logs\websitemonitorwebservice.exe.log
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\logo.png
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.wxl
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.xml
- C:\argos\agent\win\websitemonitor.win.dll
- C:\argos\agent\win\websitemonitor.win.v2.dll
- C:\argos\agent\win\websitemonitor.browserwin.dll
- C:\argos\agent\win\websitemonitor.browserwin2014.dll
- C:\argos\agent\win\websitemonitor.systemmonitor.dll
- C:\argos\agent\win\websitemonitor.bandwitdhperf.dll
- C:\argos\agent\win\websitemonitor.unitinfoclient.dll
- C:\argos\agent\win\websitemonitor.unitinfoclient.xmlserializers.dll
- C:\argos\agent\win\websitemonitor.watcher.dll
- C:\argos\agent\win\websitemonitor.json.dll
- C:\argos\agent\win\capturefail.jpg
- C:\argos\agent\win\notavailablediskfreespace.jpg
- C:\argos\agent\win\initializeobject.html
- C:\argos\agent\win\websitemonitor.measurelistmanagerservice.dll
- C:\argos\agent\win\websitemonitor.utilsbsl.dll
- C:\argos\agent\win\websitemonitor.hookinjection.dll
- C:\argos\agent\win\websitemonitor.win32apibsl.dll
- C:\argos\agent\win\websitemonitor.collectmanagerbsl.dll
- C:\argos\agent\win\websitemonitorrenderviewhelper.exe
- C:\argos\agent\win\websitemonitorconfigure.exe
- C:\argos\agent\win\websitemonitoragent.exe
- C:\argos\agent\win\websitemonitoragent.test.exe
- C:\argos\agent\win\websitemonitoragent.v2.exe
- C:\argos\agent\win\websitemonitoragent.v2.test.exe
- C:\argos\agent\win\websitemonitormanager.exe
- C:\argos\agent\win\managedprobelist.json
- %WINDIR%\temp\res32.tmp
- C:\argos\agent\win\websitemonitorwatcher.exe
- C:\argos\agent\win\websitemonitorwebservice.exe
- C:\argos\agent\win\websitemonitor.argoscallservice.dll
- C:\argos\agent\win\websitemonitor.transactionjobbsl.dll
- C:\argos\agent\win\websitemonitor.webserviceclientbsl.dll
- C:\argos\agent\win\websitemonitor.webserviceclientbsl.xmlserializers.dll
- C:\argos\agent\win\websitemonitor.collectbsl.dll
- %TEMP%\nsc2.tmp\processes.dll
- C:\argos\agent\win\websitemonitorscreeshotbackup.exe
- %WINDIR%\temp\res30.tmp
- C:\argos\agent\win\websitemonitorwatcher.exe.config
- C:\argos\agent\win\websitemonitorwebservice.exe.8080.config
- %TEMP%\nsc2.tmp\nsexec.dll
- %TEMP%\nsc2.tmp\ns3.tmp
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.xml
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.wxl
- C:\argos\agent\win\websitemonitor.version.dll
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\bootstrapperapplicationdata.xml
- %TEMP%\dd_vcredist_x86_20190930235646.log
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe
- %ALLUSERSPROFILE%\application data\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
- %ALLUSERSPROFILE%\application data\package cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\wixstdba.dll
- C:\argos\agent\win\tracetcp.exe
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\license.rtf
- C:\argos\agent\utils\vcredist_x86_v110.exe
- C:\argos\agent\utils\gacutil.exe
- C:\argos\agent\win\screenshotbackup.json
- C:\argos\agent\win\system.web.http.xml
- C:\argos\agent\win\websitemonitorwebservice.exe.8000.config
- C:\argos\agent\win\newtonsoft.json.dll
- C:\argos\agent\win\jsonexserializer.dll
- C:\argos\agent\win\microsoft.mshtml.dll
- C:\argos\agent\win\interop.shdocvw.dll
- C:\argos\agent\win\websitemonitormanager.exe.config
- C:\argos\agent\win\log4net.dll
- C:\argos\agent\win\websitemonitorwebservice.exe.config
- C:\argos\agent\win\system.net.http.dll
- C:\argos\agent\win\system.net.http.webrequest.dll
- C:\argos\agent\win\system.web.http.dll
- C:\argos\agent\win\system.web.http.selfhost.dll
- C:\argos\agent\win\system.web.http.selfhost.xml
- C:\argos\agent\win\system.web.http.webhost.dll
- C:\argos\agent\win\websitemonitorwebservice.exe.80.config
- C:\argos\agent\win\system.web.http.webhost.xml
- C:\argos\agent\win\system.net.http.formatting.dll
- %WINDIR%\temp\gmgo1kr3.dll
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\bootstrapperapplicationdata.xml
- %WINDIR%\temp\res2c.tmp
- %TEMP%\nsc2.tmp\processes.dll
- %TEMP%\nsc2.tmp\nsscm.dll
- %TEMP%\nsc2.tmp\nsexec.dll
- %TEMP%\nsc2.tmp\execcmd.dll
- C:\argos\agent\win\websitemonitorwebservice.exe.8080.config
- C:\argos\agent\win\websitemonitorwebservice.exe.8000.config
- C:\argos\agent\win\websitemonitorwebservice.exe.80.config
- %TEMP%\nsc2.tmp\ns20.tmp
- %WINDIR%\microsoft.net\framework\v2.0.50727\config\wsf2a.tmp
- %TEMP%\rgi29.tmp
- %TEMP%\rgi28.tmp
- %TEMP%\rgi27.tmp
- %TEMP%\nsc2.tmp\ns26.tmp
- %TEMP%\nsc2.tmp\ns25.tmp
- %TEMP%\nsc2.tmp\ns24.tmp
- %TEMP%\nsc2.tmp\ns23.tmp
- %TEMP%\nsc2.tmp\ns22.tmp
- <SYSTEM32>\perfstringbackup.tmp
- %TEMP%\nsc2.tmp\ns21.tmp
- %WINDIR%\temp\csc2b.tmp
- %WINDIR%\temp\res30.tmp
- %WINDIR%\temp\gmgo1kr3.0.cs
- %WINDIR%\temp\gmgo1kr3.out
- %WINDIR%\temp\csc31.tmp
- %WINDIR%\temp\res32.tmp
- %WINDIR%\temp\ia3uvj1g.out
- %WINDIR%\temp\ia3uvj1g.dll
- %WINDIR%\temp\ia3uvj1g.0.cs
- %WINDIR%\temp\ia3uvj1g.cmdline
- %WINDIR%\temp\fzbxfftq.dll
- %WINDIR%\temp\fzbxfftq.0.cs
- %WINDIR%\temp\mez0fdhn.dll
- %WINDIR%\temp\mez0fdhn.0.cs
- %WINDIR%\temp\mez0fdhn.cmdline
- %WINDIR%\temp\mez0fdhn.out
- %WINDIR%\temp\csc2d.tmp
- %WINDIR%\temp\res2e.tmp
- %WINDIR%\temp\fzbxfftq.cmdline
- %WINDIR%\temp\fzbxfftq.out
- %WINDIR%\temp\csc2f.tmp
- %TEMP%\nsc2.tmp\ns1f.tmp
- %TEMP%\nsc2.tmp\ns1e.tmp
- %TEMP%\nsc2.tmp\ns1d.tmp
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.xml
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\thm.wxl
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\license.rtf
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\bootstrapperapplicationdata.xml
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\wixstdba.dll
- %TEMP%\nsc2.tmp\ns3.tmp
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.xml
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\logo.png
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\license.rtf
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\bootstrapperapplicationdata.xml
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\wixstdba.dll
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.xml
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\thm.wxl
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\logo.png
- %TEMP%\{615bc16d-60f5-482e-91b3-b51d8130963b}\.ba1\license.rtf
- %TEMP%\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\.ba1\thm.wxl
- %TEMP%\nsc2.tmp\ns7.tmp
- %TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\wixstdba.dll
- %TEMP%\nsc2.tmp\ns8.tmp
- %TEMP%\nsc2.tmp\ns1c.tmp
- %TEMP%\nsc2.tmp\ns13.tmp
- %TEMP%\nsc2.tmp\ns1b.tmp
- %TEMP%\nsc2.tmp\ns1a.tmp
- %TEMP%\nsc2.tmp\ns19.tmp
- %TEMP%\nsc2.tmp\ns18.tmp
- %TEMP%\nsc2.tmp\ns17.tmp
- %TEMP%\nsc2.tmp\ns16.tmp
- %TEMP%\nsc2.tmp\ns15.tmp
- %TEMP%\nsc2.tmp\ns14.tmp
- %TEMP%\nsc2.tmp\ns12.tmp
- %TEMP%\nsc2.tmp\ns9.tmp
- %TEMP%\nsc2.tmp\ns11.tmp
- %TEMP%\nsc2.tmp\ns10.tmp
- %TEMP%\nsc2.tmp\nsf.tmp
- %TEMP%\nsc2.tmp\nse.tmp
- %TEMP%\nsc2.tmp\nsd.tmp
- %TEMP%\nsc2.tmp\nsc.tmp
- %TEMP%\nsc2.tmp\nsb.tmp
- %TEMP%\nsc2.tmp\nsa.tmp
- %WINDIR%\temp\gmgo1kr3.cmdline
- %WINDIR%\temp\gmgo1kr3.dll
- DNS ASK ar####gr.vivans.net
- DNS ASK un#####ager.vivans.net
- '%TEMP%\nsc2.tmp\ns3.tmp' "C:\Argos\Agent\Utils\vcredist_x86_v110.exe" /passive
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.SystemMonitor.dll"
- '%TEMP%\nsc2.tmp\ns1d.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectBSL.dll"
- '%TEMP%\nsc2.tmp\ns1c.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.XmlSerializers.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.dll"
- '%TEMP%\nsc2.tmp\ns1b.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.dll"
- '%TEMP%\nsc2.tmp\ns1a.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.TransactionJobBSL.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.WIN.dll"
- '%TEMP%\nsc2.tmp\ns19.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WIN.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectBSL.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN2014.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN.dll"
- '%TEMP%\nsc2.tmp\ns17.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN.dll"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.UnitInfoClient.XmlSerializers"
- '%TEMP%\nsc2.tmp\ns16.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient.XmlSerializers"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.UnitInfoClient"
- '%TEMP%\nsc2.tmp\ns23.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BandwitdhPerf.dll"
- '%TEMP%\nsc2.tmp\ns15.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient"
- '%TEMP%\nsc2.tmp\ns14.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.ArgosCallService"
- 'C:\argos\agent\win\websitemonitorwebservice.exe'
- '%TEMP%\nsc2.tmp\ns18.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN2014.dll"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.BandwitdhPerf"
- '%TEMP%\nsc2.tmp\ns1f.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.Win32APIBSL.dll"
- 'C:\argos\agent\win\websitemonitorwatcher.exe'
- 'C:\argos\agent\win\websitemonitormanager.exe'
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.XmlSerializers.dll"
- '%TEMP%\nsc2.tmp\ns24.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.dllcd"
- '%TEMP%\nsc2.tmp\ns26.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.ArgosCallService.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.XmlSerializers.dll"
- '%TEMP%\nsc2.tmp\ns25.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.XmlSerializers.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.dllcd"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.UtilsBSL.dll"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.ArgosCallService"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.ArgosCallService.dll"
- '%TEMP%\nsc2.tmp\ns11.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectManagerBSL"
- '%TEMP%\nsc2.tmp\ns1e.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UtilsBSL.dll"
- '%TEMP%\nsc2.tmp\ns12.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.SystemMonitor"
- '%TEMP%\nsc2.tmp\ns21.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectManagerBSL.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.MeasureListManagerService.dll"
- '%TEMP%\nsc2.tmp\ns20.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.MeasureListManagerService.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.Win32APIBSL.dll"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.BandwitdhPerf.dll"
- '%TEMP%\nsc2.tmp\ns13.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BandwitdhPerf"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.TransactionJobBSL.dll"
- '%TEMP%\nsc2.tmp\ns9.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WIN"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.TransactionJobBSL"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.WebserviceClientBSL"
- '%TEMP%\nsc2.tmp\nsc.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL.XmlSerializers"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.WebserviceClientBSL.XmlSerializers"
- '%TEMP%\nsc2.tmp\nsd.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectBSL"
- '%TEMP%\nsc2.tmp\ns22.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.SystemMonitor.dll"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.WIN"
- 'C:\argos\agent\utils\gacutil.exe' /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectManagerBSL.dll"
- '%TEMP%\nsc2.tmp\nsa.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.TransactionJobBSL"
- '%TEMP%\nsc2.tmp\nse.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UtilsBSL"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.CollectBSL"
- '%TEMP%\nsc2.tmp\nsf.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.Win32APIBSL"
- '%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe' -q -burn.elevated BurnPipe.{39E6593D-B758-462D-9C95-C9406155CAFF} {88A5DFCC-1670-423E-8A49-734159BA0046} 3968
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.UtilsBSL"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.Win32APIBSL"
- '%TEMP%\nsc2.tmp\ns7.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.CollectManagerBSL"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.BrowserWIN2014"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.BrowserWIN"
- 'C:\argos\agent\utils\vcredist_x86_v110.exe' /passive
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.MeasureListManagerService"
- '%TEMP%\nsc2.tmp\ns8.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN2014"
- '%TEMP%\nsc2.tmp\ns10.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.MeasureListManagerService"
- '%TEMP%\nsc2.tmp\nsb.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL"
- 'C:\argos\agent\utils\gacutil.exe' /u "WebSiteMonitor.SystemMonitor"
- '<SYSTEM32>\cmd.exe' /C rmdir "C:\Argos\Agent\WebService\" /S /Q' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWatcherService binPath= C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe start= auto' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8000[ ]*0.*LISTENING" > nul && ( echo 8000 > C:\Argos\Agent\Win\IISPORT.txt )' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C bcdedit.exe /set {current} nx AlwaysOff' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.*.config"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"80[ ]*0.*LISTENING" > nul && ( echo 80 > C:\Argos\Agent\Win\IISPORT.txt )' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C copy "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.80.config" "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.config"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C net user argos gksfutneh /ADD' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C net localgroup administrators argos /ADD' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES30.tmp" "%WINDIR%\Temp\CSC2F.tmp"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns1c.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.XmlSerializers.dll"' (with hidden window)
- '%TEMP%\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.be\vcredist_x86.exe' -q -burn.elevated BurnPipe.{39E6593D-B758-462D-9C95-C9406155CAFF} {88A5DFCC-1670-423E-8A49-734159BA0046} 3968' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8080[ ]*0.*LISTENING" > nul && ( echo 8080 > C:\Argos\Agent\Win\IISPORT.txt )' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc config IISADMIN start= disabled' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\mez0fdhn.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2C.tmp" "%WINDIR%\Temp\CSC2B.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\fzbxfftq.cmdline"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns3.tmp' "C:\Argos\Agent\Utils\vcredist_x86_v110.exe" /passive' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorAgent_Fail.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc stop IISADMIN' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc stop W3SVC' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C C:\Argos\Agent\Win\tracetcp www.vi##ns.net -n -t 100 -p 3 -F -m 30' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWebService binPath= C:\Argos\Agent\Win\WebSiteMonitorWebService.exe start= auto type= interact type= own' (with hidden window)
- '%TEMP%\nsc2.tmp\ns26.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.ArgosCallService.dll"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorManagerService binPath= C:\Argos\Agent\Win\WebSiteMonitorManager.exe start= auto type= interact type= own' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C SETX /M IS_FOREGROUND_PROBE True' (with hidden window)
- '%ALLUSERSPROFILE%\application data\package cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe' -q -burn.elevated BurnPipe.{0A57685D-DEC6-431B-9177-E3587A2EF0FE} {C9702477-5503-4443-8107-A28112DAED8B} 4028' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C sc config W3SVC start= disabled' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\ia3uvj1g.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2E.tmp" "%WINDIR%\Temp\CSC2D.tmp"' (with hidden window)
- '%TEMP%\nsc2.tmp\nsa.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.TransactionJobBSL"' (with hidden window)
- '%TEMP%\nsc2.tmp\nsd.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectBSL"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns13.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BandwitdhPerf"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns1b.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WebserviceClientBSL.dll"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\gmgo1kr3.cmdline"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns1a.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.TransactionJobBSL.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\nse.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UtilsBSL"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns19.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.WIN.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns17.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\nsf.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.Win32APIBSL"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns10.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.MeasureListManagerService"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns16.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient.XmlSerializers"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns15.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.UnitInfoClient"' (with hidden window)
- '%ALLUSERSPROFILE%\application data\package cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe' -q -burn.elevated BurnPipe.{CEBEA10C-235A-4172-9DC0-3E4F471CAB2C} {7960686C-7D98-417F-8042-56E5DB5C886B} 4080' (with hidden window)
- '%TEMP%\nsc2.tmp\ns14.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.ArgosCallService"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns18.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BrowserWIN2014.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns11.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.CollectManagerBSL"' (with hidden window)
- '%TEMP%\nsc2.tmp\nsc.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL.XmlSerializers"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns1d.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectBSL.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns1e.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UtilsBSL.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\nsb.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WebserviceClientBSL"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns1f.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.Win32APIBSL.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns20.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.MeasureListManagerService.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns21.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.CollectManagerBSL.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns9.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.WIN"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns22.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.SystemMonitor.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns8.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN2014"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns23.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.BandwitdhPerf.dll"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns24.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.dllcd"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns12.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.SystemMonitor"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns7.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /u "WebSiteMonitor.BrowserWIN"' (with hidden window)
- '%TEMP%\nsc2.tmp\ns25.tmp' "C:\Argos\Agent\Utils\Gacutil.exe" /if "C:\Argos\Agent\Win\WebSiteMonitor.UnitInfoClient.XmlSerializers.dll"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES32.tmp" "%WINDIR%\Temp\CSC31.tmp"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C net user argos gksfutneh /ADD
- '<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWebService binPath= C:\Argos\Agent\Win\WebSiteMonitorWebService.exe start= auto type= interact type= own
- '<SYSTEM32>\sc.exe' create WebSiteMonitorWebService binPath= C:\Argos\Agent\Win\WebSiteMonitorWebService.exe start= auto type= interact type= own
- '<SYSTEM32>\cmd.exe' /C C:\Argos\Agent\Win\tracetcp www.vi##ns.net -n -t 100 -p 3 -F -m 30
- '<SYSTEM32>\cmd.exe' /C sc stop W3SVC
- '<SYSTEM32>\sc.exe' stop W3SVC
- '<SYSTEM32>\cmd.exe' /C sc stop IISADMIN
- '<SYSTEM32>\sc.exe' stop IISADMIN
- '<SYSTEM32>\cmd.exe' /C sc config W3SVC start= disabled
- '<SYSTEM32>\sc.exe' config W3SVC start= disabled
- '<SYSTEM32>\sc.exe' config IISADMIN start= disabled
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\gmgo1kr3.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\fzbxfftq.cmdline"
- '<SYSTEM32>\svchost.exe' -k HTTPFilter
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2C.tmp" "%WINDIR%\Temp\CSC2B.tmp"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\mez0fdhn.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES2E.tmp" "%WINDIR%\Temp\CSC2D.tmp"
- '<SYSTEM32>\verclsid.exe' /C {B5A7F190-DDA6-4420-B3BA-52453494E6CD} /I {00000000-0000-0000-C000-000000000046} /X 0x401
- '<SYSTEM32>\sc.exe' stop w32Time
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%WINDIR%\TEMP\ia3uvj1g.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES30.tmp" "%WINDIR%\Temp\CSC2F.tmp"
- '<SYSTEM32>\sc.exe' create WebSiteMonitorWatcherService binPath= C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe start= auto
- '<SYSTEM32>\cmd.exe' /C sc config IISADMIN start= disabled
- '<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorWatcherService binPath= C:\Argos\Agent\Win\WebSiteMonitorWatcher.exe start= auto
- '<SYSTEM32>\findstr.exe' /R /C:"8000[ ]*0.*LISTENING"
- '<SYSTEM32>\net.exe' user argos gksfutneh /ADD
- '<SYSTEM32>\net1.exe' user argos gksfutneh /ADD
- '<SYSTEM32>\cmd.exe' /C net localgroup administrators argos /ADD
- '<SYSTEM32>\net.exe' localgroup administrators argos /ADD
- '<SYSTEM32>\net1.exe' localgroup administrators argos /ADD
- '<SYSTEM32>\cmd.exe' /C bcdedit.exe /set {current} nx AlwaysOff
- '<SYSTEM32>\cmd.exe' /C %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
- '%WINDIR%\microsoft.net\framework\v2.0.50727\aspnet_regiis.exe' -i
- '<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8000[ ]*0.*LISTENING" > nul && ( echo 8000 > C:\Argos\Agent\Win\IISPORT.txt )
- '<SYSTEM32>\netstat.exe' -an
- '<SYSTEM32>\cmd.exe' /C sc create WebSiteMonitorManagerService binPath= C:\Argos\Agent\Win\WebSiteMonitorManager.exe start= auto type= interact type= own
- '<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"8080[ ]*0.*LISTENING" > nul && ( echo 8080 > C:\Argos\Agent\Win\IISPORT.txt )
- '<SYSTEM32>\findstr.exe' /R /C:"8080[ ]*0.*LISTENING"
- '<SYSTEM32>\cmd.exe' /C netstat -an | FINDSTR /R /C:"80[ ]*0.*LISTENING" > nul && ( echo 80 > C:\Argos\Agent\Win\IISPORT.txt )
- '<SYSTEM32>\findstr.exe' /R /C:"80[ ]*0.*LISTENING"
- '<SYSTEM32>\cmd.exe' /C copy "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.80.config" "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.config"
- '<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorWebService.exe.*.config"
- '<SYSTEM32>\cmd.exe' /C del "C:\Argos\Agent\Win\WebSiteMonitorAgent_Fail.exe"
- '<SYSTEM32>\cmd.exe' /C rmdir "C:\Argos\Agent\WebService\" /S /Q
- '<SYSTEM32>\cmd.exe' /C SETX /M IS_FOREGROUND_PROBE True
- '<SYSTEM32>\sc.exe' create WebSiteMonitorManagerService binPath= C:\Argos\Agent\Win\WebSiteMonitorManager.exe start= auto type= interact type= own
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%WINDIR%\TEMP\RES32.tmp" "%WINDIR%\Temp\CSC31.tmp"