Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'onfwbsak' = '{50A56FC2-653C-48EA-9E7C-C0134CCE9773}'
- %TEMP%\desktop_background.zip
- 'on#####ro---2008.com':80
- on#####ro---2008.com/dw.php?si####################
- DNS ASK on#####ro---2008.com