Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ngwstxfd' = '{71B2E01C-AA2D-44CD-BACC-577BF07342E0}'
- %TEMP%\desktop_background.zip
- 'on#####ro---2008.com':80
- on#####ro---2008.com/dw.php?si####################
- DNS ASK on#####ro---2008.com