Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%APPDATA%\lwzy.exe'
- %WINDIR%\Explorer.EXE
- %APPDATA%\lwzy.exe
- %APPDATA%\lwzy.exe
- DNS ASK ms.##chatz.com
- DNS ASK sa#.##atsmate.com
- 'ms.##chatz.com':5901
- 'sa#.##atsmate.com':5901
- ClassName: 'Progman' WindowName: ''