Техническая информация
- <SYSTEM32>\tasks\r-9-6-71-1393787692-1089944660-1041866442-1286\{4a1ye1k-kzxo-17bi-1ley-q9lw1inwr7gy}
- из <Полный путь к файлу> в %PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3\mprmsg.exe
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\amd...' (со скрытым окном)
- '%PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3\mprmsg.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\amd...
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
- '<SYSTEM32>\taskeng.exe' {48394C75-EA18-403F-B3CD-06877FFBF64D} S-1-5-21-1960123792-2022915161-3775307078-1001:nchdmlcnf\user:Interactive:[1]
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
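- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\amd64_microsoft-windows-geolocation-winrt_31bf3856ad364e35_10.0.18362.1_none_5ec519dd569e39b3" /inheritance:e /deny "user:(R,REA,RA,RD)"
Пояснение: в приведённых командах icacls S-1-1-0 — это SID группы «Все» (Everyone), а S-1-5-7 — «Анонимный вход» (Anonymous Logon); права R, REA, RA и RD означают чтение, чтение расширенных атрибутов, чтение атрибутов и чтение данных (просмотр содержимого каталога). Запрещающие записи (/deny) закрывают чтение этого каталога для перечисленных субъектов, что, по-видимому, затрудняет его просмотр и анализ. При проверке системы стоит обращать внимание на такие запрещающие записи в ACL каталогов внутри %PROGRAMDATA%.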