Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'xrdwbfgn' = '{8A1B10D0-7875-40BC-80C6-534AC243718F}'
- %TEMP%\desktop_background.zip
- 'on####pro2008.com':80
- on####pro2008.com/dw.php?si####################
- DNS ASK on####pro2008.com