Technical Information
- %WINDIR%\syswow64\cbsetacl.exe
- %ProgramFiles(x86)%\baidu
- %ALLUSERSPROFILE%\application data\microsoft\pctools
- %ProgramFiles(x86)%\baidu
- %ALLUSERSPROFILE%\application data\microsoft\pctools
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%ProgramFiles(x86)%\Baidu" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCShell.dll" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCShell.dll" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCSET.DLL" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCSET.DLL" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCS.INI" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCS.INI" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCS.EXE" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCS.EXE" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DWMRCS" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DwMirror" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DWMRCS" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DwMirror" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCST.EXE" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADSRSVC" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_CURRENT_USER\SOFTWARE\Newpush" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_CURRENT_USER\SOFTWARE\Newpush" /Perm /Setowner=Everyone /Grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%WINDIR%\Sosuo.col" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%WINDIR%\Sosuo.col" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Pctools" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Pctools" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%HOMEPATH%\Local Settings\Temp\rundll.exe" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%HOMEPATH%\Local Settings\Temp\rundll.exe" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "%ProgramFiles(x86)%\Baidu" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADSRSVC" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cbsetacl.exe' /Noverbose /File "<SYSTEM32>\DWRCST.EXE" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c Regsvr32.exe /s "<SYSTEM32>\Mshtml.dll"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_CURRENT_USER\SOFTWARE\Newpush" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADSRSVC" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCST.EXE" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DWMRCS" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DwMirror" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DWMRCS" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCS.EXE"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\DWRCS.EXE"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCShell.dll" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADSRSVC" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.EXE" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCSET.DLL" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\DWRCSET.DLL"
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCSET.DLL"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCSET.DLL" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\DWRCS.INI"
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCS.INI"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.INI" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCShell.dll"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.EXE" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\DWRCShell.dll"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.INI" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCShell.dll" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%WINDIR%\Sosuo.col" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "<SYSTEM32>\DWRCST.EXE"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCST.EXE" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%WINDIR%\Sosuo.col" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DwMirror" /Perm /Grant=Everyone=R
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Pctools" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%HOMEPATH%\Local Settings\Temp\rundll.exe" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Pctools" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCST.EXE"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_CURRENT_USER\SOFTWARE\Newpush" /Perm /Setowner=Everyone /Grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "%HOMEPATH%\Local Settings\Temp\rundll.exe"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%HOMEPATH%\Local Settings\Temp\rundll.exe"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ProgramFiles(x86)%\Baidu" /perm /setowner=Everyone /grant=Everyone=F
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "%WINDIR%\Sosuo.col"
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%WINDIR%\Sosuo.col"
- '%WINDIR%\syswow64\regsvr32.exe' /s "<SYSTEM32>\Mshtml.dll"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ProgramFiles(x86)%\Baidu" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\regsvr32.exe' /u /s "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%HOMEPATH%\Local Settings\Temp\rundll.exe" /Perm /Setowner= /Deny=Everyone
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll"
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.INI" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCShell.dll" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_CURRENT_USER\SOFTWARE\Newpush" /Perm /Setowner=Everyone /Grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%HOMEPATH%\Local Settings\Temp\rundll.exe" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCSET.DLL"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCST.EXE" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c Regsvr32.exe /s "<SYSTEM32>\Mshtml.dll"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCSET.DLL" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ProgramFiles(x86)%\Baidu" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.INI" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ProgramFiles(x86)%\Baidu" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCShell.dll" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCSET.DLL" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%WINDIR%\Sosuo.col" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%HOMEPATH%\Local Settings\Temp\rundll.exe" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Pctools" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "%HOMEPATH%\Local Settings\Temp\rundll.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCST.EXE"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DWMRCS" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DWMRCS" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCShell.dll"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADSRSVC" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DwMirror" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADSRSVC" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DwMirror" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /Subkeyreg "HKEY_CURRENT_USER\SOFTWARE\Newpush" /Perm /Grant=Everyone=R' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "%ALLUSERSPROFILE%\Application data\Microsoft\Office\Userdata\webbrowser_7466.dll"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCS.EXE"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.EXE" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCS.EXE" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%WINDIR%\Sosuo.col" /perm /setowner=Everyone /grant=Everyone=F' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "%WINDIR%\Sosuo.col"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32.exe /u /s "<SYSTEM32>\DWRCS.INI"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "%ALLUSERSPROFILE%\Application data\Microsoft\Pctools" /Perm /Setowner= /Deny=Everyone' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\Cbsetacl.exe /Noverbose /File "<SYSTEM32>\DWRCST.EXE" /Perm /Setowner= /Deny=Everyone' (with hidden window)