Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\ISOlines] 'Start' = '00000002'
- <SYSTEM32>\cmd.exe /c TATA.bat
- <SYSTEM32>\svchost.exe -k netsvcs
- %WINDIR%\ExPNanDm.dll.uns
- <Текущая директория>\TATA.bat
- %WINDIR%\ExPNanDm.dll
- %WINDIR%\TAAT.ini
- %WINDIR%\ExPNanDm.dll.uns
- %WINDIR%\ExPNanDm.dll
- %WINDIR%\TAAT.ini
- 'ma####3.3322.org':3600
- DNS ASK ma####3.3322.org
- ClassName: 'MS_WINHELP' WindowName: ''