Technical Information
- '%TEMP%\mondi.exe'
- '%WINDIR%\syswow64\taskkill.exe' /F /IM winword.exe /T
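- '%WINDIR%\syswow64\cmd.exe' CmD /c %tMP%\dqfm.cmd Вђ ! abDac (the "Вђ" argument appears to be a mis-encoded non-ASCII character, so the original bytes may differ from what is shown)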
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %TEMP%\trbatehtqevyay.sct
- %TEMP%\gondi.doc
- %TEMP%\mondi.exe
- %TEMP%\dqfm.cmd
- %TEMP%\hondi.cmd
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' CmD /c %tMP%\dqfm.cmd Вђ ! abDac (with hidden window)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%WINDIR%\syswow64\cmd.exe' /K %TEMP%\"hondi.cmd"
- '%WINDIR%\syswow64\timeout.exe' 1
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'