Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{Z9AOTEWO-8QAL-76MC-72NP-3SD5AYLHGBF}' = '"%ALLUSERSPROFILE%\Application Data\x86_netfx35linq-system.data.services.design_31bf3856ad364e3...
- from <Full path to file> to %ALLUSERSPROFILE%\application data\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_10.0.18362.1_none_700f171172e8923a\windows.ui.xaml.maps.exe
- '<SYSTEM32>\cmd.exe' /c icacls "%ALLUSERSPROFILE%\Application Data\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_10.0.18362.1_none_700f171172e8923a" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & ic...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c icacls "%ALLUSERSPROFILE%\Application Data\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_10.0.18362.1_none_700f171172e8923a" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & ic...