Техническая информация
- <SYSTEM32>\tasks\a-7-8-59-1347903934-1304280782-1040378983-6889\{qvbsq22-92mz-63sd-qlv-nerrl31prg7l}
- из <Полный путь к файлу> в %APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\api-ms-win-crt-conio-l1-1-0.exe
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3...' (со скрытым окном)
- '%APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\api-ms-win-crt-conio-l1-1-0.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c icacls "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3...
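- '%WINDIR%\syswow64\icacls.exe' "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" (S-1-1-0 — общеизвестный SID группы «Все»; запрещающая запись закрывает чтение каталога, его атрибутов и содержимого)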
- '%WINDIR%\syswow64\icacls.exe' "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)" (S-1-5-7 — общеизвестный SID «Анонимный вход»)
- '<SYSTEM32>\taskeng.exe' {E425A3B0-325F-4BDD-9818-16A7AE1156AE} S-1-5-21-1960123792-2022915161-3775307078-1001:xeycfad\user:Interactive:[1]
- '%WINDIR%\syswow64\icacls.exe' "%APPDATA%\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8" /inheritance:e /deny "user:(R,REA,RA,RD)"