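Technical Information
Note: the entries below are sandbox-observed indicators listed without category headings. In order, they appear to be downloads (URL as local path), files created or modified, file moves (from … to), network activity, and launched processes. The only host contacted is officecdn.microsoft.com over plain HTTP (port 80), a Microsoft Office CDN hostname, so the domain alone is a weak indicator. The more distinctive entries are the `files.dat -y -pkmsauto` launch, the reg.exe change that sets Windows Script Host "Enabled" to 1 under HKLM, and the hidden-window PowerShell and expand.exe runs under %TEMP%\over<digits>.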
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over199249\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over425467\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over462297\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over253979\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over170024\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over809872\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over357457\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over949811\v32.cab
- <Current directory>\files\setup.exe
- %TEMP%\over949811\v32.cab
- %TEMP%\over357457\v32.txt
- %TEMP%\over357457\$dpx$.tmp\24753e1445277846805c72e1255aac28.tmp
- %TEMP%\over357457\v32.cab
- %TEMP%\over809872\v32.txt
- %TEMP%\over809872\$dpx$.tmp\84917ffc510afd42bcf452a338943259.tmp
- %TEMP%\over809872\v32.cab
- %TEMP%\over170024\v32.txt
- %TEMP%\over170024\$dpx$.tmp\4d429935e2c40249b3d747d76b1c16b3.tmp
- %TEMP%\over170024\v32.cab
- %TEMP%\over253979\v32.txt
- %TEMP%\over253979\$dpx$.tmp\f18e3891e840124c958b9eb6b2deb2af.tmp
- %TEMP%\over253979\v32.cab
- %TEMP%\over462297\v32.txt
- %TEMP%\over462297\$dpx$.tmp\b0d7284aab1df44c8dd2f2d7fc19234d.tmp
- %TEMP%\over462297\v32.cab
- %TEMP%\over425467\v32.txt
- %TEMP%\over425467\$dpx$.tmp\e90c89d5c10ab446b56172325ac22fda.tmp
- %TEMP%\over425467\v32.cab
- %TEMP%\over199249\v32.txt
- %TEMP%\over199249\$dpx$.tmp\a5e22f284faee9428f1034c80809c1bd.tmp
- %TEMP%\over199249\v32.cab
- <Current directory>\files\configure.xml
- <Current directory>\files\x86\msvcr100.dll
- <Current directory>\files\x86\cleanospp.exe
- <Current directory>\files\x64\msvcr100.dll
- <Current directory>\files\x64\cleanospp.exe
- <Current directory>\files\uninstall.xml
- <Current directory>\files\files.dat
- %TEMP%\over949811\$dpx$.tmp\4005793755a338488d26bbe9ea830334.tmp
- %TEMP%\over949811\v32.txt
- <Current directory>\files\files.dat
- %TEMP%\over949811\v32.cab
- %TEMP%\over357457\versiondescriptor.xml
- %TEMP%\over357457\v32.txt
- %TEMP%\over357457\v32.cab
- %TEMP%\over809872\versiondescriptor.xml
- %TEMP%\over809872\v32.txt
- %TEMP%\over809872\v32.cab
- %TEMP%\over170024\versiondescriptor.xml
- %TEMP%\over170024\v32.txt
- %TEMP%\over170024\v32.cab
- %TEMP%\over949811\v32.txt
- %TEMP%\over253979\versiondescriptor.xml
- %TEMP%\over253979\v32.cab
- %TEMP%\over462297\versiondescriptor.xml
- %TEMP%\over462297\v32.txt
- %TEMP%\over462297\v32.cab
- %TEMP%\over425467\versiondescriptor.xml
- %TEMP%\over425467\v32.txt
- %TEMP%\over425467\v32.cab
- %TEMP%\over199249\versiondescriptor.xml
- %TEMP%\over199249\v32.txt
- %TEMP%\over199249\v32.cab
- %TEMP%\over253979\v32.txt
- %TEMP%\over949811\versiondescriptor.xml
- from %TEMP%\over199249\$dpx$.tmp\a5e22f284faee9428f1034c80809c1bd.tmp to %TEMP%\over199249\versiondescriptor.xml
- from %TEMP%\over425467\$dpx$.tmp\e90c89d5c10ab446b56172325ac22fda.tmp to %TEMP%\over425467\versiondescriptor.xml
- from %TEMP%\over462297\$dpx$.tmp\b0d7284aab1df44c8dd2f2d7fc19234d.tmp to %TEMP%\over462297\versiondescriptor.xml
- from %TEMP%\over253979\$dpx$.tmp\f18e3891e840124c958b9eb6b2deb2af.tmp to %TEMP%\over253979\versiondescriptor.xml
- from %TEMP%\over170024\$dpx$.tmp\4d429935e2c40249b3d747d76b1c16b3.tmp to %TEMP%\over170024\versiondescriptor.xml
- from %TEMP%\over809872\$dpx$.tmp\84917ffc510afd42bcf452a338943259.tmp to %TEMP%\over809872\versiondescriptor.xml
- from %TEMP%\over357457\$dpx$.tmp\24753e1445277846805c72e1255aac28.tmp to %TEMP%\over357457\versiondescriptor.xml
- from %TEMP%\over949811\$dpx$.tmp\4005793755a338488d26bbe9ea830334.tmp to %TEMP%\over949811\versiondescriptor.xml
- 'officecdn.microsoft.com':80
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab
- DNS ASK officecdn.microsoft.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over253979\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over170024\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over462297\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over809872\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over949811\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over357457\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over425467\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<Current directory>\files\files.dat' -y -pkmsauto
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over199249\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over170024' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over170024\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over170024\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over809872\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over809872' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over357457\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over809872\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over357457\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over357457' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over949811\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over949811' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over253979\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over425467\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /D /c files.dat -y -pkmsauto' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over253979\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over199249' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over199249\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over199249\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over425467' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over425467\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over462297\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over462297' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over462297\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over253979' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over949811\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /D /c files.dat -y -pkmsauto
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over199249
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over425467
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over462297
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over253979
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over170024
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over809872
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over357457
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over949811