Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwADsAIABSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEMAOgBcAGsAcgB5AG8AcQBcAG4AawBoAGMALgBlAHgAZQAiACAALQBGAG8AcgBjAGUA' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwADsAIABSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEMAOgBcAGsAcgB5AG8AcQBcAG4AawBoAGMALgBlAHgAZQAiACAALQBGAG8AcgBjAGUA