Technical Information
- '' (downloaded from the Internet)
- '%APPDATA%\conhosts.exe'
- %APPDATA%\conhosts.exe
- <Current directory>\f3a31000
- <PATH_SAMPLE>.xls
- '19#.#2.89.27':80
- http://19#.#2.89.27/hcl/hclupdationprocessstartedrecentlytoimprovethequalityofservicetoconfirmentirethingsfineformtheside.doC
- http://19#.#2.89.27/1231/conhost.exe
- '%ProgramFiles%\microsoft office\office14\winword.exe' -Embedding
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding