Technical Information
- <SYSTEM32>\tasks\gyste
- <SYSTEM32>\tasks\lksdl
- <SYSTEM32>\tasks\jkdsp
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\kdodivalscm.bat
- C:\users\public\kdodivalscm.bat
- C:\users\public\ghslf.bat
- C:\users\public\dukes
- C:\users\public\odsa.txt
- '<SYSTEM32>\cmd.exe' /c C:\Users\Public\kdodivalscm.bat (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 5 /f /tn gyste /tr "C:\Users\Public\ghslf.bat"
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 7 /f /tn lksdl /tr "C:\Users\Public\Downloads\ms1oa.bat"
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 9 /f /tn jkdsp /tr "C:\Users\Public\dukes\dukes.exe"