Technical Information
- '%ProgramFiles%\microsoft office\office14\clview.exe' "EXCEL" "Microsoft Excel"
- '<SYSTEM32>\cmd.exe' /c attrib -S -h "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"
- '<SYSTEM32>\cmd.exe' /c Del /F /Q "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"
- '<SYSTEM32>\cmd.exe' /c RD /S /Q "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1436
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mvalidator.lck
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\toc[1].xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\ont.css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\ont[1].css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\script.js
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\script[1].js
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\contenthxs.css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\contenthxs[1].css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\clvtitlebg.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\clvtitlebg[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\clvbluebg.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\clvbluebg[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\clvgraybg.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\clvgraybg[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\toc.xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\offlineclientviewer.xml
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\offlineclientviewer.xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\offlineclientviewer[1].xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\clvimagepanemedia.jpg
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\clvimagepanemedia[1].jpg
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\cvglobal.xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\cvglobal[1].xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\cvglobalstrings.xml
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\cvglobalstrings[1].xml
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\bullet.png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\bullet[1].png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\clv14titlebarbg.png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\clv14titlebarbg[1].png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\page-lsd.png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\offlineclientviewer[1].xml
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\tbgradient[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\tbgradient.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\search[1].xsl
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012022072820220729\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\browse0.excel.xml
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\back.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\back[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\back2.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\back2[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\bulletl.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\bulletl[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\errexcl.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\errexcl[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\help.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\help[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\helpid.xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\helpid[1].xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\logo.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\logo[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\message.xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\message[1].xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\next.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\next[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\next2.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\next2[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\online.gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\online[1].gif
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\content.css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\content[1].css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\office12.js
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\office12[1].js
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\search.xsl
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\page-lsd[1].png
- <Current directory>\cc021000
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\page-lsh.png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\page-rsd.png
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mkwd_k.hxw
- %TEMP%\imte549.tmp
- %TEMP%\imte538.tmp
- %TEMP%\imte528.tmp
- %TEMP%\imte517.tmp
- %TEMP%\imte506.tmp
- %TEMP%\imte4f6.tmp
- %TEMP%\imte4e5.tmp
- %TEMP%\imte4c5.tmp
- %TEMP%\imte4c4.tmp
- %TEMP%\imte4c3.tmp
- %TEMP%\imte4b2.tmp
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mkwd_f.hxw
- %TEMP%\imte569.tmp
- %TEMP%\imte4a2.tmp
- %TEMP%\imte481.tmp
- %TEMP%\imte432.tmp
- %TEMP%\imte421.tmp
- %TEMP%\imte420.tmp
- %TEMP%\imte400.tmp
- %TEMP%\imte3e0.tmp
- %TEMP%\imte3cf.tmp
- %TEMP%\imte380.tmp
- %TEMP%\imte37f.tmp
- %TEMP%\imte36e.tmp
- %TEMP%\imte34e.tmp
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mtoc_excel_col.hxh
- %TEMP%\imte2f0.tmp
- %TEMP%\imte491.tmp
- %TEMP%\imte57a.tmp
- %TEMP%\imte57b.tmp
- %TEMP%\imte57c.tmp
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\page-rsd[1].png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\page-rsh.png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\caasbycl\page-rsh[1].png
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\ontrtl.css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\ontrtl[1].css
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\localhelp.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\localhelp[1].txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\msofficehelp14\mohe6c8.tmp\clientviewersettings.xml
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\clientviewersettings[1].xml
- %TEMP%\imte6a7.tmp
- %TEMP%\imte697.tmp
- %TEMP%\imte667.tmp
- %TEMP%\imte666.tmp
- %TEMP%\imte665.tmp
- %TEMP%\imte654.tmp
- %TEMP%\imte653.tmp
- %TEMP%\imte652.tmp
- %TEMP%\imte632.tmp
- %TEMP%\imte631.tmp
- %TEMP%\imte621.tmp
- %TEMP%\imte620.tmp
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mvalidator.hxd
- %TEMP%\imte5ff.tmp
- %TEMP%\imte5ef.tmp
- %TEMP%\imte5de.tmp
- %TEMP%\imte5ce.tmp
- %TEMP%\imte5bd.tmp
- %TEMP%\imte5ac.tmp
- %TEMP%\imte59c.tmp
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\page-lsh[1].png
- %TEMP%\1190069.cvr
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mtoc_excel_col.hxh
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mkwd_f.hxw
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mkwd_k.hxw
- %ALLUSERSPROFILE%\microsoft help\ms.excel.14.1033_1033_mvalidator.hxd
- <PATH_SAMPLE>.xls
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'NetUICtrlNotifySink' WindowName: ''
- ClassName: 'REListbox20W' WindowName: ''
- ClassName: 'OfficeTooltip' WindowName: ''
- ClassName: 'MsoCommandBarPopup' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c attrib -S -h "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c Del /F /Q "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c RD /S /Q "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"' (with hidden window)
- '<SYSTEM32>\attrib.exe' -S -h "%APPDATA%\Microsoft\Excel\XLSTART\K4.XLS"