Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ngwstxfd' = '{6BF4E1ED-BA24-4F02-9F5D-36520FD3B044}'
- %TEMP%\desktop_background.zip
- 'on#####ro---2008.com':80
- on#####ro---2008.com/dw.php?si####################
- DNS ASK on#####ro---2008.com