Техническая информация
- <SYSTEM32>\tasks\q-4-6-45-1298060004-1081794831-1018816920-7140\{y8tqx2qm-2iut-oytc-8c5i-eqb14exv3ika}
- из <Полный путь к файлу> в %PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd\coml2.exe
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\msil_mi...' (со скрытым окном)
- '%PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd\coml2.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\msil_mi...
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
- '<SYSTEM32>\taskeng.exe' {C7D4CB1E-325B-4453-9CB1-5A3BEAD9105A} S-1-5-21-1960123792-2022915161-3775307078-1001:arxfeiux\user:Interactive:[1]
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_microsoft.build.tasks.resources_b03f5f7f11d50a3a_10.0.18362.1_ru-ru_b5473910f1e0a1cd" /inheritance:e /deny "user:(R,REA,RA,RD)"