Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Flkzsm' = 'C:\Users\Public\mszklF.url'
- %WINDIR%\syswow64\dpiscaling.exe
- C:\users\public\flkzsm\flkzsm.exe
- C:\users\public\mszklf.url
- C:\users\public\kdeco.bat
- C:\users\public\uko.bat
- C:\users\public\trast.bat
- C:\users\public\nest
- C:\users\public\kdeco.bat
- C:\users\public\uko.bat
- C:\users\public\trast.bat
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Trast.bat" "' (with hidden window)
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 2 "<Full path to file>"
- '%WINDIR%\syswow64\dpiscaling.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Trast.bat" "
- '%WINDIR%\syswow64\cmd.exe' /K C:\Users\Public\UKO.bat
- '%WINDIR%\syswow64\reg.exe' delete hkcu\Environment /v windir /f
- '%WINDIR%\syswow64\reg.exe' add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\KDECO.bat reg delete hkcu\Environment /v windir /f && REM "
- '%WINDIR%\syswow64\schtasks.exe' /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I