Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftSearchIndexer' = '"wscript.exe //E:vbscript %APPDATA%\MicrosoftSearchIndexer"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftSearchIndexer' = '"wscript.exe //E:vbscript %APPDATA%\MicrosoftSearchIndexer"'
- '<SYSTEM32>\wscript.exe' //E:vbscript %APPDATA%\MicrosoftSearchIndexer
- '<SYSTEM32>\schtasks.exe' /create /f /sc minute /mo 1 /tn MicrosoftSearchIndexer /tr "wscript.exe //E:vbscript %APPDATA%\MicrosoftSearchIndexer"
- '%WINDIR%\explorer.exe' "<Полный путь к файлу>"
- %APPDATA%\MicrosoftSearchIndexer
- %TEMP%\RarSFX0\Users\Cliente\AppData\Roaming\MicrosoftSearchIndexer
- %TEMP%\RarSFX0\Users\Cliente\AppData\Roaming\MicrosoftSearchIndexer
- %TEMP%\RarSFX0\Users\Cliente\AppData\Roaming\MicrosoftSearchIndexer
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''