string

**Executive summary:** This report describes a confirmed compromise of a large Polish organisation via fake-CAPTCHA social-engineering leading to a curl|powershell drop, DLL side-loading of a Latrodectus sample and additional Supper payloads; it includes detailed technical analysis, extracted IoCs (file hashes, domains, C2 IPs), custom decryption routines, persistence mechanisms and a YARA rule for detection.