Technical Information
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over881569\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over431731\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over241517\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over518028\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over883086\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over232654\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over928955\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over410868\v32.cab
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/office/data/v32.cab as %temp%\over410009\v32.cab
- <Current directory>\files\setup.exe
- %TEMP%\over928955\v32.cab
- %TEMP%\over232654\v32.txt
- %TEMP%\over232654\$dpx$.tmp\78bb31e263f4934aa5a6e2c6fa0ae6cb.tmp
- %TEMP%\over232654\v32.cab
- %TEMP%\over883086\v32.txt
- %TEMP%\over883086\$dpx$.tmp\8f3bbfb800ec18458c520cd015095882.tmp
- %TEMP%\over883086\v32.cab
- %TEMP%\over518028\v32.txt
- %TEMP%\over518028\$dpx$.tmp\2da4fc4c116dfd468864ef823bf44e60.tmp
- %TEMP%\over518028\v32.cab
- %TEMP%\over241517\v32.txt
- %TEMP%\over241517\$dpx$.tmp\bc5e8f4b9c789449be21dec101924034.tmp
- %TEMP%\over928955\$dpx$.tmp\e44b34cffb8e9f4982b2ee747298da52.tmp
- %TEMP%\over241517\v32.cab
- %TEMP%\over431731\$dpx$.tmp\8a8ad18a7d49f84095bbdce41b508db8.tmp
- %TEMP%\over431731\v32.cab
- %TEMP%\over881569\v32.txt
- %TEMP%\over881569\$dpx$.tmp\ab4cbcb6e849ea4ca95faa19b590be04.tmp
- %TEMP%\over881569\v32.cab
- <Current directory>\files\configure.xml
- <Current directory>\files\x86\msvcr100.dll
- <Current directory>\files\x86\cleanospp.exe
- <Current directory>\files\x64\msvcr100.dll
- <Current directory>\files\x64\cleanospp.exe
- <Current directory>\files\uninstall.xml
- <Current directory>\files\files.dat
- %TEMP%\over431731\v32.txt
- %TEMP%\over928955\v32.txt
- <Current directory>\files\files.dat
- %TEMP%\over928955\v32.cab
- %TEMP%\over232654\versiondescriptor.xml
- %TEMP%\over232654\v32.txt
- %TEMP%\over232654\v32.cab
- %TEMP%\over883086\versiondescriptor.xml
- %TEMP%\over883086\v32.txt
- %TEMP%\over883086\v32.cab
- %TEMP%\over518028\versiondescriptor.xml
- %TEMP%\over518028\v32.txt
- %TEMP%\over518028\v32.cab
- %TEMP%\over241517\versiondescriptor.xml
- %TEMP%\over241517\v32.txt
- %TEMP%\over241517\v32.cab
- %TEMP%\over431731\versiondescriptor.xml
- %TEMP%\over431731\v32.txt
- %TEMP%\over431731\v32.cab
- %TEMP%\over881569\versiondescriptor.xml
- %TEMP%\over881569\v32.txt
- %TEMP%\over881569\v32.cab
- %TEMP%\over928955\v32.txt
- %TEMP%\over928955\versiondescriptor.xml
- from %TEMP%\over881569\$dpx$.tmp\ab4cbcb6e849ea4ca95faa19b590be04.tmp to %TEMP%\over881569\versiondescriptor.xml
- from %TEMP%\over431731\$dpx$.tmp\8a8ad18a7d49f84095bbdce41b508db8.tmp to %TEMP%\over431731\versiondescriptor.xml
- from %TEMP%\over241517\$dpx$.tmp\bc5e8f4b9c789449be21dec101924034.tmp to %TEMP%\over241517\versiondescriptor.xml
- from %TEMP%\over518028\$dpx$.tmp\2da4fc4c116dfd468864ef823bf44e60.tmp to %TEMP%\over518028\versiondescriptor.xml
- from %TEMP%\over883086\$dpx$.tmp\8f3bbfb800ec18458c520cd015095882.tmp to %TEMP%\over883086\versiondescriptor.xml
- from %TEMP%\over232654\$dpx$.tmp\78bb31e263f4934aa5a6e2c6fa0ae6cb.tmp to %TEMP%\over232654\versiondescriptor.xml
- from %TEMP%\over928955\$dpx$.tmp\e44b34cffb8e9f4982b2ee747298da52.tmp to %TEMP%\over928955\versiondescriptor.xml
- 'officecdn.microsoft.com':80
- http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab
- DNS ASK officecdn.microsoft.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over928955\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over518028\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over232654\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over241517\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over431731\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over883086\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over881569\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '<Current directory>\files\files.dat' -y -pkmsauto
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over410868' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over883086' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over232654' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over410009\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over232654\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over883086\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over928955\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over928955' (with hidden window)
- '<SYSTEM32>\cmd.exe' /D /c files.dat -y -pkmsauto' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over928955\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over410868\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over410868\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over232654\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over881569' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over431731\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over881569\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over518028\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over410009' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over431731\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over431731' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over881569\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over241517\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over241517' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over241517\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over518028\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over518028' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { (New-Object Net.WebClient).DownloadFile('http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab', '%TEMP%\over883086\v32.cab') }"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over410009\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }' (with hidden window)
- '<SYSTEM32>\cmd.exe' /D /c files.dat -y -pkmsauto
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over881569
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over431731
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over241517
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over518028
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over883086
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over232654
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over928955
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over410868
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over410868\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }
- '%WINDIR%\syswow64\expand.exe' v32.cab -F:VersionDescriptor.xml %TEMP%\over410009
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command "& { Get-Content %TEMP%\over410009\VersionDescriptor.xml | Set-Content -Encoding ASCII v32.txt }