Техническая информация
- <SYSTEM32>\tasks\t-1-6-60-1162337346-1097707991-1152721053-7033\{wk6vlu-hr7y-l5in-nfp9-7x9gz2brr6}
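- из <Полный путь к файлу> в %PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274\odbccp32.exe
  (примечание: по-видимому, запись описывает размещение исследуемого файла по новому пути; перемещение это или копирование, в строке не указано. Имя каталога повторяет формат имён компонентов из хранилища WinSxS, однако сам каталог находится в %PROGRAMDATA% — такое расхождение пути и имени удобно использовать как признак для обнаружения.)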
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\amd...' (со скрытым окном)
- '%PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274\odbccp32.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%PROGRAMDATA%\amd...
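- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
  (примечание: /deny добавляет запрещающую запись ACL для SID S-1-1-0 — группы «Все» (Everyone); R, REA, RA, RD — чтение, чтение расширенных атрибутов, чтение атрибутов и чтение данных/просмотр содержимого каталога; /inheritance:e включает наследование.)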
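- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
  (примечание: S-1-5-7 — стандартный SID «Анонимный вход» (Anonymous Logon); ему запрещаются права чтения (R,REA,RA,RD) на этот каталог.)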
- '<SYSTEM32>\taskeng.exe' {4140380D-B764-48DB-B163-63E34A4E073D} S-1-5-21-1960123792-2022915161-3775307078-1001:qmhftyywwke\user:Interactive:[1]
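- '%WINDIR%\syswow64\icacls.exe' "%PROGRAMDATA%\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.18362.1_none_c4f594c1843e3274" /inheritance:e /deny "user:(R,REA,RA,RD)"
  (примечание: здесь запрет на чтение выдаётся учётной записи с именем user; в строке запуска taskeng.exe выше фигурирует qmhftyywwke\user. Запрещающие записи на чтение, вероятно, затрудняют просмотр и проверку каталога из сеанса пользователя — при разборе инцидента стоит проверить ACL каталога через icacls от имени администратора.)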