Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ngwstxfd' = '{756AB6BE-64D2-4F8C-8563-7BF608EFC800}'
- %TEMP%\desktop_background.zip
- 'on#####ro---2008.com':80
- on#####ro---2008.com/dw.php?si####################
- DNS ASK on#####ro---2008.com