Техническая информация
- <SYSTEM32>\tasks\googleupdatetaskmachineqc
- %ProgramFiles%\google\chrome\updater.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
- '<SYSTEM32>\cmd.exe' /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentContr...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' <#szakjftq#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([Syst...
- '<SYSTEM32>\sc.exe' stop UsoSvc
- '<SYSTEM32>\sc.exe' stop WaaSMedicSvc
- '<SYSTEM32>\sc.exe' stop wuauserv
- '<SYSTEM32>\sc.exe' stop bits
- '<SYSTEM32>\sc.exe' stop dosvc
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
- '<SYSTEM32>\schtasks.exe' /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'%ProgramFiles%\Google\Chrome\updater.exe'"