Техническая информация
- <SYSTEM32>\tasks\w-1-8-92-1000577120-1007150981-1062467637-2845\{dyl2uonl-crys-1e5q-2v27-7y7zpexcsed}
- из <Полный путь к файлу> в %PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9\appmgr.exe
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a...' (со скрытым окном)
- '%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9\appmgr.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a...
- '<SYSTEM32>\taskeng.exe' {5DEC1AA1-FA7F-4822-8679-1B0E50095B86} S-1-5-21-1960123792-2022915161-3775307078-1001:sxnlulckws\user:Interactive:[1]
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_system.io_b03f5f7f11d50a3a_4.0.15788.0_none_10df4f6ec5b8afa9" /inheritance:e /deny "user:(R,REA,RA,RD)"