Technical Information
- '' (downloaded from the Internet)
- '%APPDATA%\conhost.exe'
- %APPDATA%\conhost.exe
- <Current directory>\fc221000
- <PATH_SAMPLE>.xls
- '17#.#45.208.28':80
- http://17#.#45.208.28/wedf/wed/microsoftreturnedthrpolicytocontineutheserviceupdationfromthesystemprotocoltounderstandentireprocessfromth.doC
- http://17#.#45.208.28/5299/conhost.exe
- '%ProgramFiles%\microsoft office\office14\winword.exe' -Embedding
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding