Техническая информация
- <SYSTEM32>\tasks\googleupdatetaskmachineqc
- %APPDATA%\google\chrome\updater.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' <#ctbfbs#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /...
- '%APPDATA%\google\chrome\updater.exe'
- '%APPDATA%\google\chrome\updater.exe' ' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' <#cstihp#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System...
- '<SYSTEM32>\powercfg.exe' /x -hibernate-timeout-ac 0
- '<SYSTEM32>\powercfg.exe' /x -hibernate-timeout-dc 0
- '<SYSTEM32>\powercfg.exe' /x -standby-timeout-ac 0
- '<SYSTEM32>\powercfg.exe' /x -standby-timeout-dc 0
- '<SYSTEM32>\schtasks.exe' /create /f /sc onlogon /rl highest /tn GoogleUpdateTaskMachineQC /tr '%APPDATA%\Google\Chrome\updater.exe'
- '<SYSTEM32>\schtasks.exe' /run /tn GoogleUpdateTaskMachineQC
- '<SYSTEM32>\taskeng.exe' {2655CC15-B4C6-42F0-A437-1E6E0B0D5103} S-1-5-21-1960123792-2022915161-3775307078-1001:eidlea\user:Interactive:[1]