Technical Information
- %TEMP%\aut9d86.tmp
- %WINDIR%\temp\kes.exe
- %TEMP%\aut9de5.tmp
- %WINDIR%\temp\yx.bat
- nul
- %TEMP%\aut9d86.tmp
- %TEMP%\aut9de5.tmp
- %WINDIR%\temp\kes.exe
- '%WINDIR%\temp\kes.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%WINDIR%\Temp\yx.bat" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%WINDIR%\Temp\yx.bat"
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\Temp\yx.bat
- '<SYSTEM32>\cacls.exe' "<SYSTEM32>\config\system"