Техническая информация
- <SYSTEM32>\svchost.exe
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c echo Y|CACLS "C:\ProgramData\{ELOS9BFB-UWOP-WYFM-MO8BS084UEO1}" /P "%USERNAME%:R"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo Y"
- '<SYSTEM32>\cacls.exe' "C:\ProgramData\{ELOS9BFB-UWOP-WYFM-MO8BS084UEO1}" /P "%USERNAME%:R"
- '<SYSTEM32>\cmd.exe' /c echo Y|CACLS "C:\ProgramData\{ELOS9BFB-UWOP-WYFM-MO8BS084UEO1}\smss.exe" /P "%USERNAME%:R"
- '<SYSTEM32>\cacls.exe' "C:\ProgramData\{ELOS9BFB-UWOP-WYFM-MO8BS084UEO1}\smss.exe" /P "%USERNAME%:R"