Техническая информация
- <SYSTEM32>\tasks\r-3-3-79-1273951425-1123247796-1012973728-9141\{38oo11q4-nw1k-ck2w-hsa-fulze84iocrg}
- из <Полный путь к файлу> в %PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479\pngfilt.exe
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\msil_ui...' (со скрытым окном)
- '%PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479\pngfilt.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\msil_ui...
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
- '<SYSTEM32>\taskeng.exe' {8FE84763-08B4-4169-BD38-43DECA2958F1} S-1-5-21-1960123792-2022915161-3775307078-1001:arcwlscdseo\user:Interactive:[1]
- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\msil_uiautomationclientsideproviders_31bf3856ad364e35_4.0.15680.120_none_55627419d7c2b479" /inheritance:e /deny "user:(R,REA,RA,RD)"