shadowbrokers-exploits/windows/Resources/Ep/Scripts/malfind/sig23user.eps
2017-04-14 11:45:07 +02:00

18 lines
No EOL
260 B
PostScript

@record on;
`regquery -hive U`;
@record off;
string $subkeys = GetCmdData('subkey');
string $subkey;
foreach $subkey ($subkeys)
{
if (`regquery -hive U -subkey "$subkey\\software\\microsoft\\NetWin"`)
{
return true;
}
}
return false;