Техническая информация
- <SYSTEM32>\tasks\a-6-6-35-1047528063-1337335617-1157422840-1278\{vbeueazx-7qyz-uspr-p14t-ger35vunb}
- из <Полный путь к файлу> в %APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0\cfmifs.exe
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%APPDATA%\msil_uiautomati...' (со скрытым окном)
- '%APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0\cfmifs.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%APPDATA%\msil_uiautomati...
- '%WINDIR%\syswow64\icacls.exe' "%APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" (S-1-1-0 — группа «Все»; запрет прав на чтение каталога)
- '<SYSTEM32>\taskeng.exe' {2420F3CA-B543-4741-83D5-0B245F222E0F} S-1-5-21-1960123792-2022915161-3775307078-1001:nexfuyggfaa\user:Interactive:[1]
- '%WINDIR%\syswow64\icacls.exe' "%APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)" (S-1-5-7 — «Анонимный вход»; запрет прав на чтение каталога)
- '%WINDIR%\syswow64\icacls.exe' "%APPDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15744.430_none_59fd5d86381d9ac0" /inheritance:e /deny "user:(R,REA,RA,RD)"