Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'lfstbwvd' = '{B2F6EF99-FFD6-4D4A-8E4E-71E2AE5E455C}'
- %TEMP%\desktop_background.zip
- 'on#####ro---2008.com':80
- on#####ro---2008.com/dw.php?si####################
- DNS ASK on#####ro---2008.com