Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TitanBot' = '%HOMEPATH%\AppData\Roaming\TitanWare\Application.exe'
- %WINDIR%\Tasks\SystemCare64.job
- %WINDIR%\Tasks\SystemCare.job
- %HOMEPATH%\Start Menu\Programs\Startup\Application.exe
- '<SYSTEM32>\schtasks.exe' /create /tn "SystemCare" /tr "%ProgramFiles%\$SystemReserved\verified\Application.exe" /ru SYSTEM /sc onstart
- '<SYSTEM32>\schtasks.exe' /create /tn "SystemCare64" /tr "%ProgramFiles%\$SystemReserved\verified\Application.exe" /ru SYSTEM /sc onstart
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn "SystemCare64" /tr "%ProgramFiles%\$SystemReserved\verified\Application.exe" /ru SYSTEM /sc onstart
- 'C:\ProgramData\Winst\PackageManager429.exe'
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn "SystemCare" /tr "%ProgramFiles%\$SystemReserved\verified\Application.exe" /ru SYSTEM /sc onstart
- %HOMEPATH%\AppData\Roaming\TitanWare\Application.exe
- C:\ProgramData\Winst\PackageManager429.exe
- %HOMEPATH%\Start Menu\Programs\Startup\Application.exe
- %HOMEPATH%\AppData\Roaming\TitanWare\Application.exe
- %HOMEPATH%\AppData\Roaming\TitanWare\Application.exe
- 'localhost':1039
- 'localhost':1040
- 'localhost':1037
- 'localhost':1038
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''