How does the memory loading backdoor (test1.aspx) execute a payload?

`test1.aspx` reads the `demodata` parameter from a POST request, base64-decodes it, and uses `System.Reflection.Assembly.Load` to load the resulting .NET assembly into memory. It then calls `CreateInstance("Payload").Equals("");` to execute the payload's code. This technique allows running arbitrary compiled .NET code without writing files, similar to the approach used in the HyperShell tool. For defense considerations, understanding Exchange Version Detection and Vulnerability Scanning can help identify vulnerable Exchange servers before such backdoors are deployed.