Техническая информация
- %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
- '<SYSTEM32>\attrib.exe' +h +s +r Nvistail.exe
- '<SYSTEM32>\cacls.exe' %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job /e /p everyone:R
- '<SYSTEM32>\cacls.exe' %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job /e /p %USERNAME%s:R
- '<SYSTEM32>\cacls.exe' Nvistail.exe /e /p SYSTEM:R
- '<SYSTEM32>\cacls.exe' Nvistail.exe /e /p everyone:R
- '<SYSTEM32>\cacls.exe' Nvistail.exe /e /p %USERNAME%s:R
- '<SYSTEM32>\cacls.exe' Nvistail.exe /e /p %USERNAME%:R
- '<SYSTEM32>\schtasks.exe' /create /tn Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B} /tr "%CommonProgramFiles%\Bdream\Nvistail.exe" /sc minute /mo 60 /ru system
- '<SYSTEM32>\net1.exe' start Schedule
- '<SYSTEM32>\sc.exe' config Schedule start= auto
- '<SYSTEM32>\attrib.exe' +h +s +r %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job
- '<SYSTEM32>\cacls.exe' %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job /e /p %USERNAME%:R
- '<SYSTEM32>\cacls.exe' %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job /e /p SYSTEM:R
- '<SYSTEM32>\attrib.exe' +s +h +r %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job
- %TEMP%\nsd3.tmp\ExecCmd.dll
- %CommonProgramFiles%\Bdream\Nvistail.exe
- %TEMP%\nsy2.tmp
- %CommonProgramFiles%\Bdream\Nvistail.exe
- %WINDIR%\Tasks\Mirosoft-{3050F17F-98B5-11CF-BB82-00AA00BDCE01B}.job
- %TEMP%\nsd3.tmp\ExecCmd.dll