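Technical Information
The entries below are the behaviours recorded for the sample. The subsection headings that originally grouped them appear to be missing, so the list runs in this order: file downloads (URL as local path), file-system paths, file moves (from … to …), network activity (connection, HTTP request, DNS query), and launched processes with their command lines. Repeated paths most likely belong to different original subsections (for example created versus deleted files). Most of the activity fetches v32.cab over plain HTTP and extracts VersionDescriptor.xml from it. The entries that change the host are the reg.exe command that sets Enabled to 1 under HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings and the execution of files.dat with the arguments -y -pkmsauto.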
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over282892\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over168904\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over182543\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over617524\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over721126\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over738826\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over611179\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over253267\v32.cab
- <Current directory>\files\setup.exe
- %TEMP%\over611179\$dpx$.tmp\e039838301789a4c9645ffa418fc0a4a.tmp
- %TEMP%\over611179\v32.cab
- %TEMP%\over738826\v32.txt
- %TEMP%\over738826\$dpx$.tmp\53b02a4216031c48b68718c8b57479f8.tmp
- %TEMP%\over738826\v32.cab
- %TEMP%\over721126\v32.txt
- %TEMP%\over721126\$dpx$.tmp\1049cb04ef6d864d92924235c3ac3d55.tmp
- %TEMP%\over721126\v32.cab
- %TEMP%\over617524\v32.txt
- %TEMP%\over617524\$dpx$.tmp\d1d520a7cae7484ea7a8b82517f14179.tmp
- %TEMP%\over617524\v32.cab
- %TEMP%\over182543\v32.txt
- %TEMP%\over182543\$dpx$.tmp\2df5246e54e16d4e99b8eb07ab06c882.tmp
- %TEMP%\over182543\v32.cab
- %TEMP%\over168904\v32.txt
- %TEMP%\over168904\$dpx$.tmp\0e731355a4f84b43807ddb734ad54485.tmp
- %TEMP%\over168904\v32.cab
- %TEMP%\over282892\v32.txt
- %TEMP%\over282892\$dpx$.tmp\033f5981e828a046aba312d850bed4db.tmp
- %TEMP%\over282892\v32.cab
- <Current directory>\files\configure.xml
- <Current directory>\files\x86\msvcr100.dll
- <Current directory>\files\x86\cleanospp.exe
- <Current directory>\files\x64\msvcr100.dll
- <Current directory>\files\x64\cleanospp.exe
- <Current directory>\files\uninstall.xml
- <Current directory>\files\files.dat
- %TEMP%\over611179\v32.txt
- %TEMP%\over253267\v32.cab
- <Current directory>\files\files.dat
- %TEMP%\over611179\v32.txt
- %TEMP%\over611179\v32.cab
- %TEMP%\over738826\versiondescriptor.xml
- %TEMP%\over738826\v32.txt
- %TEMP%\over738826\v32.cab
- %TEMP%\over721126\versiondescriptor.xml
- %TEMP%\over721126\v32.txt
- %TEMP%\over721126\v32.cab
- %TEMP%\over617524\versiondescriptor.xml
- %TEMP%\over611179\versiondescriptor.xml
- %TEMP%\over617524\v32.txt
- %TEMP%\over182543\versiondescriptor.xml
- %TEMP%\over182543\v32.txt
- %TEMP%\over182543\v32.cab
- %TEMP%\over168904\versiondescriptor.xml
- %TEMP%\over168904\v32.txt
- %TEMP%\over168904\v32.cab
- %TEMP%\over282892\versiondescriptor.xml
- %TEMP%\over282892\v32.txt
- %TEMP%\over282892\v32.cab
- %TEMP%\over617524\v32.cab
- %TEMP%\over253267\v32.cab
- from %TEMP%\over282892\$dpx$.tmp\033f5981e828a046aba312d850bed4db.tmp to %TEMP%\over282892\versiondescriptor.xml
- from %TEMP%\over168904\$dpx$.tmp\0e731355a4f84b43807ddb734ad54485.tmp to %TEMP%\over168904\versiondescriptor.xml
- from %TEMP%\over182543\$dpx$.tmp\2df5246e54e16d4e99b8eb07ab06c882.tmp to %TEMP%\over182543\versiondescriptor.xml
- from %TEMP%\over617524\$dpx$.tmp\d1d520a7cae7484ea7a8b82517f14179.tmp to %TEMP%\over617524\versiondescriptor.xml
- from %TEMP%\over721126\$dpx$.tmp\1049cb04ef6d864d92924235c3ac3d55.tmp to %TEMP%\over721126\versiondescriptor.xml
- from %TEMP%\over738826\$dpx$.tmp\53b02a4216031c48b68718c8b57479f8.tmp to %TEMP%\over738826\versiondescriptor.xml
- from %TEMP%\over611179\$dpx$.tmp\e039838301789a4c9645ffa418fc0a4a.tmp to %TEMP%\over611179\versiondescriptor.xml
- 'officecdn.microsoft.com':80
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab
- DNS ASK officecdn.microsoft.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over168904\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<Current directory>\files\files.dat' -y -pkmsauto
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over721126\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over611179\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over282892\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over182543\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over617524\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over738826\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over738826' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over617524\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over611179\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over611179' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over611179\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over721126\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over738826\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over721126\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over721126' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over738826\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over253267\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over617524\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over168904\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /D /c files.dat -y -pkmsauto' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over617524' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over282892' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over282892\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over282892\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over168904' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over168904\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over182543\v32.cab') }"' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over182543' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over182543\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over253267' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over253267\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /D /c files.dat -y -pkmsauto
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over282892
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over168904
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over182543
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over617524
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over721126
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over738826
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over611179
- '<SYSTEM32>\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over253267
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over253267\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }