Technical Information
- '' (downloaded from the Internet)
- '%APPDATA%\conhost.exe'
- %APPDATA%\conhost.exe
- <Current directory>\d9001000
- '19#.#.176.142':80
- http://19#.#.176.142/cdrr/balloneprojectmovedwellwithnewadvancetechnologyandinstantupdateandupgradefromthepcthroughotherpc.doC
- http://19#.#.176.142/54444/conhost.exe
- '%ProgramFiles%\microsoft office\office14\winword.exe' -Embedding
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding