Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'gofast' = '%APPDATA%\2345.com\gofast.exe'
- '%APPDATA%\2345.com\gofast.exe'
- '<SYSTEM32>\sc.exe' config AERTFilters start= demand
- '<SYSTEM32>\sc.exe' config QiyiService start= demand
- '<SYSTEM32>\sc.exe' start QQCertificateService
- '<SYSTEM32>\sc.exe' config QQCertificateService start= demand
- '<SYSTEM32>\sc.exe' config MpsSvc start= demand
- '<SYSTEM32>\sc.exe' config 2345Safe start= demand
- '<SYSTEM32>\sc.exe' config AlipaySecSvc start= demand
- '<SYSTEM32>\sc.exe' config wscsvc start= demand
- '<SYSTEM32>\sc.exe' config wuauserv start= demand
- %APPDATA%\2345.com\gofast.exe
- ClassName: 'Indicator' WindowName: '(null)'