Техническая информация
- %WINDIR%\Tasks\security.job
- <SYSTEM32>\find.exe "ProductName"
- <SYSTEM32>\schtasks.exe /create /tn "security" /sc minute /mo 1 /ru "NT AUTHORITY\SYSTEM" /tr "<SYSTEM32>\sysfiles\send_IP.exe"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\winver.bat" "
- <SYSTEM32>\reg.exe query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
- %TEMP%\1.tmp\winver.bat
- %TEMP%\1.tmp\winver.bat