Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\PowerManagement] 'Start' = '00000002'
- <SYSTEM32>\net1.exe start
- <SYSTEM32>\systeminfo.exe
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\net1.exe start PowerManagement
- <SYSTEM32>\cmd.exe /c RunDll.bat
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2LM5OP\in[1].php
- <SYSTEM32>\Sysinfo.txt
- <SYSTEM32>\RunDll.bat
- 'pi###palace.org':80
- '74.##5.232.51':80
- pi###palace.org/Mody/Veng/MZ?
- pi###palace.org/Mody/in.php?sy#######################
- DNS ASK pi###palace.org
- DNS ASK google.com