Sodinokibi ransomware searches for South Korean antivirus "Ahnlab" to inject its payload (because its autoup.exe is vulnerable). Also uses Windows' CompMgmtLauncher.exe's complete lack of checks to bypass UAC.