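Technical Information
Note: the sub-headings of this listing are missing. The entries below are, in order, file-system paths, one file move, and the command lines that were launched.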
- <SYSTEM32>\tasks\update
- %LOCALAPPDATA%\addons\extensions\background.js
- %LOCALAPPDATA%\addons\extensions\content.js
- %LOCALAPPDATA%\addons\extensions\popup.html
- %LOCALAPPDATA%\addons\extensions\manifest.json
- %LOCALAPPDATA%\addons\extensions\logo.png
- %LOCALAPPDATA%\microsoft\update\update.vbs
- %TEMP%\start.vbs
- nul
- %TEMP%\create.vbs
- %HOMEPATH%\desktop\google chrome.lnk
- %TEMP%\start.vbs
- %TEMP%\create.vbs
- from C:\users\public\desktop\google chrome.lnk to %TEMP%\google chrome.lnk
- '%WINDIR%\syswow64\cscript.exe' %TEMP%\start.vbs
- '%WINDIR%\syswow64\cscript.exe' %TEMP%\create.vbs
- '%WINDIR%\syswow64\cscript.exe' %TEMP%\start.vbs (with hidden window)
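- '%WINDIR%\syswow64\schtasks.exe' /CREATE /SC MINUTE /MO 180 /TN Update /TR "'%LOCALAPPDATA%\Microsoft\Update\Update.vbs'" (with hidden window) — registers a scheduled task named Update that runs Update.vbs every 180 minutes, i.e. persistence; this appears to correspond to the <SYSTEM32>\tasks\update entry in the file list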
- '%WINDIR%\syswow64\cscript.exe' %TEMP%\create.vbs (with hidden window)
- '%WINDIR%\syswow64\cscript.exe' <Current directory>\Languages\Sync\install.vbs (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /SC MINUTE /MO 180 /TN Update /TR "'%LOCALAPPDATA%\Microsoft\Update\Update.vbs'"
- '%WINDIR%\syswow64\cscript.exe' <Current directory>\Languages\Sync\install.vbs