Technical Information
- '<SYSTEM32>\taskkill.exe' /IM cmstp.exe /F
- <SYSTEM32>\cmstp.exe
- %WINDIR%\temp\hkrfd3ix.exe
- %WINDIR%\temp\xjedat5w.inf
- %WINDIR%\syswow64\monoshock.exe
- %WINDIR%\syswow64\fan.exe
- %WINDIR%\syswow64\cer.exe
- %WINDIR%\syswow64\infinite.exe
- %WINDIR%\syswow64\deria.exe
- %WINDIR%\syswow64\orka.hta
- %WINDIR%\syswow64\downloader.dll
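- 'cd#.##scordapp.com':443 (the '#' characters appear to be masking applied by the report, so this string will not match DNS or proxy logs as written)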
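- 'microsoft.com':80 (a legitimate domain, presumably contacted as a connectivity check; treat it as context rather than as a blocklist entry)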
- 'cd#.##scordapp.com':443
- DNS ASK cd#.##scordapp.com
- DNS ASK microsoft.com
- ClassName: '' WindowName: ''
- '%WINDIR%\temp\hkrfd3ix.exe'
- '%WINDIR%\syswow64\monoshock.exe'
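- '<SYSTEM32>\cmstp.exe' /au %WINDIR%\temp\xjedat5w.inf (cmstp.exe installing a profile from the .inf file listed above in a temp directory is consistent with signed-binary proxy execution, MITRE ATT&CK T1218.003; for detection, alert on cmstp.exe started with an .inf path under a temp or user-writable directory)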
- '<SYSTEM32>\cmd.exe' /c start %WINDIR%\temp\hkrfd3ix.exe