Technical Information
- http://co####boxorozor.com/base/D9CFC9FB28456A5A139C9F495F1407BB.html
- http://co####boxorozor.com/base/40146EDED8BA63D6AE3F2DAF99B02171.html
- DNS query: co####boxorozor.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%WINDIR%\Cursors\HbzxlmpZrwoQrExpYSCweYrh\svchost.exe" -Force (with hidden window)
- '%TEMP%\efc3819a-c051-4cc7-8488-1bb3f2be4f6e\advancedrun.exe' /EXEFilename "%TEMP%\efc3819a-c051-4cc7-8488-1bb3f2be4f6e\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Full path to file>" -Force (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1 (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%WINDIR%\Cursors\HbzxlmpZrwoQrExpYSCweYrh\svchost.exe" -Force
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "<Full path to file>" -Force
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1
- '%WINDIR%\syswow64\timeout.exe' 1
- '%WINDIR%\microsoft.net\framework\v4.0.30319\caspol.exe'