Technical information
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'codestale.vbs' = 'WScript.exe //b //e:vbscript "%TEMP%\codestale.vbs"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\codestale.vbs.vbs
- %TEMP%\codestale.vbs
- '%WINDIR%\syswow64\wscript.exe' //b //e:vbscript "<PATH_SAMPLE>.vbs"