Техническая информация
- %TEMP%\ytmp\tmp74255.bat
- %TEMP%\ytmp\tmp13115.exe
- %TEMP%\ytmp\tmp13115.exe
- '%WINDIR%\syswow64\cmd.exe' /c if not exist "%TEMP%\afolder" mkdir "%TEMP%\afolder"
- '%WINDIR%\syswow64\cmd.exe' /c if not exist "%TEMP%\ytmp" mkdir "%TEMP%\ytmp"
- '%WINDIR%\syswow64\cmd.exe' /c attrib +h %TEMP%\ytmp
- '%WINDIR%\syswow64\attrib.exe' +h %TEMP%\ytmp
- '%WINDIR%\syswow64\cmd.exe' /c cls
- '%WINDIR%\syswow64\cmd.exe' /c if exist "%TEMP%\ytmp\tmp74255.bat" del "%TEMP%\ytmp\tmp74255.bat"
- '%WINDIR%\syswow64\cmd.exe' /c if exist "%TEMP%\ytmp\tmp13115.exe" del "%TEMP%\ytmp\tmp13115.exe"
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\ytmp\tmp74255.bat "<Полный путь к файлу>"
- '%WINDIR%\syswow64\takeown.exe' /f "hosts"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" echo y"
- '%WINDIR%\syswow64\cacls.exe' "hosts" /g user:f
- '%WINDIR%\syswow64\attrib.exe' -R -S -H hosts
- '%WINDIR%\syswow64\attrib.exe' +S +H hosts