Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'mspost.dll' = '{46279257-2463-2796-3683-279268379362}'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\vwor.bat" "
- %TEMP%\vwor.bat
- <SYSTEM32>\mspost.dll
- 'www.wo####fproxy.net':80
- www.wo####fproxy.net/stat.php
- DNS ASK www.wo####fproxy.net