Technical Information
- User Account Control (UAC)
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '<Full path to file>' = '00000000'
- http://co####boxorozor.com/base/A11311FB48E1C130CD983DCA0B7B9159.html
- http://co####boxorozor.com/base/16DB6DA61766AE0A859DD4A1C6E1A9E8.html
- DNS ASK co####boxorozor.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Full path to file>" -Force (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1 (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Full path to file>" -Force
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1
- '%WINDIR%\syswow64\timeout.exe' 1