Техническая информация
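- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = 'autocheck autochk *\nPartizan'
  (BootExecute — многострочное значение REG_MULTI_SZ, «\n» здесь разделяет строки. Стандартное содержимое — только 'autocheck autochk *'; добавленная строка 'Partizan' заставляет диспетчер сеансов запускать программу с этим именем на раннем этапе загрузки, до входа пользователя. Любая лишняя строка в этом значении — повод для проверки.)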
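- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wscntfyys' = '<SYSTEM32>\wscntfyys.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'actmoviers' = '<SYSTEM32>\actmoviers.exe'
  (Оба параметра в ключе Run запускают указанные файлы при каждом входе пользователя в систему. Имена похожи на системные wscntfy.exe и actmovie.exe с добавленными буквами — вероятно, это маскировка под легитимные компоненты Windows.)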
- <SYSTEM32>\Partizan.exe
- <SYSTEM32>\Partizan.rri
- <SYSTEM32>\actmoviers.exe
- 'localhost':1036
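- 'pa#######008exe.serveblog.net':80
- 'pa#######008rri.redirectme.net':80
  (serveblog.net и redirectme.net — домены служб динамического DNS: IP-адрес за таким именем может часто меняться, поэтому для блокировки и поиска в журналах надёжнее использовать имя узла, а не адрес.)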
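- 'sm###.uol.com.br':25
  (Порт 25 — SMTP: исходящее почтовое соединение с заражённого компьютера напрямую на внешний почтовый сервер; такие соединения стоит отслеживать на периметре.)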
- http://pa#######008exe.serveblog.net/
- http://pa#######008rri.redirectme.net/
- DNS ASK pa#######008exe.serveblog.net
- DNS ASK pa#######008rri.redirectme.net
- DNS ASK sm###.uol.com.br