Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NewApp' = '%APPDATA%\NewApp\NewApp.exe'
- %APPDATA%\newapp\newapp.exe
- %APPDATA%\newapp\newapp.exe
- DNS ASK co####boxorozor.com
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1
- '%WINDIR%\syswow64\timeout.exe' 1