Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'xrdwbfgn' = '{0AE7DD85-A256-4838-8B3D-21A803A1C339}'
- %TEMP%\desktop_background.zip
- 'on####pro2008.com':80
- on####pro2008.com/dw.php?si####################
- DNS ASK on####pro2008.com