In many instances when sending emails, the attacker has been using domains and websites ... which launches a PowerShell command when clicked. The command then finds and pulls out another PowerShell ...