Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\36113faf-58ce-4602-af88-ba0643573043] 'ImagePath' = '"<LS_APPDATA>\Microsoft\f61b22b6-93dd-60d8-6159-7038eb552493\770ad7f7-2553-433e-a843-d0f113fb32bd.exe"...
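- [<HKLM>\SYSTEM\ControlSet001\Services\36113faf-58ce-4602-af88-ba0643573043] 'Start' = '00000002' (значение 2 соответствует автоматическому запуску службы при загрузке системы, то есть обеспечивает закрепление в системе)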
- '<LS_APPDATA>\Microsoft\f61b22b6-93dd-60d8-6159-7038eb552493\770ad7f7-2553-433e-a843-d0f113fb32bd.exe'
- '<LS_APPDATA>\Microsoft\f61b22b6-93dd-60d8-6159-7038eb552493\770ad7f7-2553-433e-a843-d0f113fb32bd.exe'
- '<SYSTEM32>\dllhost.exe'
- '<SYSTEM32>\svchost.exe'
- '<LS_APPDATA>\Microsoft\f61b22b6-93dd-60d8-6159-7038eb552493\770ad7f7-2553-433e-a843-d0f113fb32bd.exe' svc 36113faf-58ce-4602-af88-ba0643573043 (второй аргумент совпадает с именем службы, созданной в указанном выше разделе реестра)
- <SYSTEM32>\dllhost.exe
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\Microsoft\f61b22b6-93dd-60d8-6159-7038eb552493\770ad7f7-2553-433e-a843-d0f113fb32bd.exe
- <LS_APPDATA>\Microsoft\7ddea54f-5373-6075-7dcb-aa365b908671\448aa97b-8944-66b1-6191-d494cdd74287
- <LS_APPDATA>\Microsoft\7ddea54f-5373-6075-7dcb-aa365b908671\a5a21de1-be3c-616b-73e6-5aa19b210471
- 'ar###putane.com':80
- http://ar###putane.com/client
- DNS ASK ar###putane.com