Windows Analysis Report
SPCapIQProOffice-1.0.24095.1.exe

Overview

General Information

Sample name:	SPCapIQProOffice-1.0.24095.1.exe
Analysis ID:	1428493
MD5:	c09651c0422f8bb452b82232a454eee8
SHA1:	b7ec43f40cb6f8895de76d658fc4e8b2ecbb3038
SHA256:	dc5f345565aa2cc4dd0b446d96204cb9f7135757795370fd581ab4a9458d8b1d
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	52
Range:	0 - 100

Signatures

Installs new ROOT certificates

Writes many files with high entropy

Checks for available system drives (often done to infect USB drives)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain (date check)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Sample file is different than original file name gathered from version info

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0002A0BB DecryptFileW,	0_2_0002A0BB
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	0_2_0004FA62
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00029E9E DecryptFileW,DecryptFileW,	0_2_00029E9E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0095A0BB DecryptFileW,	1_2_0095A0BB
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	1_2_0097FA62
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00959E9E DecryptFileW,DecryptFileW,	1_2_00959E9E
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	2_2_0068FA62
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00669E9E DecryptFileW,DecryptFileW,	2_2_00669E9E
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0066A0BB DecryptFileW,	2_2_0066A0BB
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0017A0BB DecryptFileW,	11_2_0017A0BB
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	11_2_0019FA62
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00179E9E DecryptFileW,DecryptFileW,	11_2_00179E9E

Compliance

Uses 32bit PE files

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.cab
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\globdata.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.MSI
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone

Jump to behavior

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20240419_025312968-MSI_vc_red.msi.txt

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1053\eula.rtf
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1033.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.2052.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1028.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1031.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.3082.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1036.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1040.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1041.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1042.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1025.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1030.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1035.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1037.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1043.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1044.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1045.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1046.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1049.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1053.txt
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1053\eula.rtf

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: certificate valid

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdbb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: !SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Excel.pdb!= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Setup.pdb source: Setup.exe, 00000016.00000002.2599276952.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000016.00000000.2183636790.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 0000001D.00000000.2466014019.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, Setup.exe, 0000001D.00000002.2574358507.0000000000071000.00000020.00000001.01000000.0000001C.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdbM= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb source: MSI6DC.tmp.23.dr
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdbP source: 44aaf8.rbf.23.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, 00000016.00000002.2604661032.000000006BD81000.00000020.00000001.01000000.00000014.sdmp, Setup.exe, 0000001D.00000002.2577383725.000000006B9C1000.00000020.00000001.01000000.0000001E.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, 00000016.00000002.2605209130.000000006BDC1000.00000020.00000001.01000000.00000013.sdmp, Setup.exe, 0000001D.00000002.2577668762.000000006B9F1000.00000020.00000001.01000000.0000001D.sdmp
Source:	Binary string: install.pdb source: vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, install.exe, 0000001A.00000002.2591416989.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp, install.exe, 0000001A.00000000.2413587318.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb1 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdb source: 44ab03.rbf.23.dr
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdbj source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll0.23.dr
Source:	Binary string: SNL.Clients.Office.Common.pdbX source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(ombgpqa2.pdb\|SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\vsta\rt\VSTAAddInModel\CAA\objr\i386\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.pdb source: FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64.23.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll0.23.dr
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb7 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l"SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: SPCapIQProOffice-1.0.24095.1.exe
Source:	Binary string: sfxcab.pdb source: vstor_redist.exe, 00000012.00000002.2610552026.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000012.00000000.2089501904.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_x64.exe, 00000018.00000002.2594610762.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor40_x64.exe, 00000018.00000000.2395505903.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor_redist.exe, 00000019.00000002.2581768099.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000019.00000000.2411609798.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_LP_x86_heb.exe.18.dr, vstor40_LP_x64_deu.exe.18.dr
Source:	Binary string: l/c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586859040.00000000010DE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584798602.00000000010B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l)zaakjhur.pdb\|SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdb source: 44aaf8.rbf.23.dr
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdbD[^[ P[_CorDllMainmscoree.dll source: 44ab03.rbf.23.dr
Source:	Binary string: vstoee.pdbN source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000016.00000003.2275613374.000000000315F000.00000004.00000020.00020000.00000000.sdmp, vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, vc_red.msi0.25.dr
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb U source: MSI6DC.tmp.23.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897428739.000000006CC1F000.00000002.00000001.01000000.00000007.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895658611.000000006C19F000.00000002.00000001.01000000.0000000F.sdmp, wixstdba.dll.13.dr
Source:	Binary string: SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: atl100.i386.pdb source: F_CENTRAL_atl100_x86.23.dr
Source:	Binary string: vstoee.pdb source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: /c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdbv source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdbx? source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887542922.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SetupResources.pdb source: SetupResources.dll6.18.dr, SetupResources.dll12.25.dr, SetupResources.dll9.18.dr, SetupResources.dll4.25.dr, SetupResources.dll16.18.dr, SetupResources.dll1.25.dr, SetupResources.dll16.25.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: MSI3B24.tmp.23.dr

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00054440 FindFirstFileW,FindClose,	0_2_00054440
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00029B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	0_2_00029B43
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00013CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_00013CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00984440 FindFirstFileW,FindClose,	1_2_00984440
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00959B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_00959B43
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00943CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_00943CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBED856 FindFirstFileExW,_free,	1_2_6CBED856
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC06866 FindFirstFileW,FindClose,	1_2_6CC06866
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00694440 FindFirstFileW,FindClose,	2_2_00694440
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00669B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	2_2_00669B43
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00653CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	2_2_00653CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001A4440 FindFirstFileW,FindClose,	11_2_001A4440
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00179B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	11_2_00179B43
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00163CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	11_2_00163CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C16D856 FindFirstFileExW,_free,	13_2_6C16D856
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C186866 FindFirstFileW,FindClose,	13_2_6C186866

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL	Jump to behavior

Networking

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Code function: 1_2_00986357 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError,

1_2_00986357

Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digic
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Setup.exe, 00000016.00000003.2197466109.000000000141B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000002.2576934358.0000000003240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.m
Source: Setup.exe, 0000001D.00000003.2482553908.000000000147F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.co
Source: Setup.exe, 0000001D.00000003.2482553908.000000000147F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microx
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.dig
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Setup.exe, 00000016.00000002.2600526077.0000000001416000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsoft.
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp, thm.xml.13.dr	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010(
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010g_VST
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2890706092.0000000002B30000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.13.dr	String found in binary or memory: https://ecs.syr.edu/faculty/fawcett/handouts/Coretechnologies/WindowsProgramming/WinUser.h
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.s
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spgloba
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.c
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001263000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001238000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930450152.0000000002E46000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931854743.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/-l
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/3
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/ap
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/of=
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/off
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/C
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Co_
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Con
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Conte
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/Prereqs/NDP48/ndp48-x86-x
Source: BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/Prereqs/VC_REDIST/vc_redi
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/Prereqs/VSTOR2010/vstor_r
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932156175.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/OfficeTools-x64-1.0
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/OfficeTools-x86-1.0
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931925320.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1934087160.0000000000C44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/PluginManager-1.0.2
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933988321.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/SPCapIQProOffice-x6
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932156175.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/SPCapIQProOffice-x8
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/r_CN_1.0.24095.1.msi
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001348000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/w
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.co
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001348000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001038000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2894044221.0000000003660000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001091000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.00000000007F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/&D
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058E5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/G~
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/S_m
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apis
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/offiQB
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-t7B
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-too
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-servi
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/C
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001060000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Empower/e
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001060000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001038000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Empower/empower-1.0.2409
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Prereqs/NDP48/ndp48-x86-
Source: BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Prereqs/VC_REDIST/vc_red
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1996686802.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Prereqs/VSTOR2010/vstor_
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/O;=
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/OfficeTools-x64-1.
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1996686802.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B18000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.000000000136E000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/OfficeTools-x86-1.
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B22000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001038000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2894044221.0000000003660000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/PluginManager-1.0.
Source: BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/SPCapIQProOffice-x
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/j_
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spz

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR entropy: 7.99988204417	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\SPCapIQProOffice_x86_1.0.24095.1.msi entropy: 7.99937881279	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\VSTOR (copy) entropy: 7.99988204417	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe (copy) entropy: 7.99988204417	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\SPCapIQProOffice_x86_1.0.24095.1.msi (copy) entropy: 7.99937881279	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\{8ABF444C-2498-4B37-A960-91BFE1481ED5}v1.0.24095.1\SPCapIQProOffice-x86-1.0.24095.1.msi (copy) entropy: 7.99937881279	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\SPCapIQProOffice_x86_1.0.24095.1.msi entropy: 7.99937881279	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x86\vc_red.cab entropy: 7.99982407421	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x86\msp_kb2565063.msp entropy: 7.99425811628	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x64\vc_red.cab entropy: 7.99987405973	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x64\msp_kb2565063.msp entropy: 7.99496204849	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x86.exe entropy: 7.99650392964	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe entropy: 7.99725474517	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\vstor40_x64.cab entropy: 7.99970074299	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x86\vc_red.cab entropy: 7.99982407421	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x86\msp_kb2565063.msp entropy: 7.99425811628	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x64\vc_red.cab entropy: 7.99987405973	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x64\msp_kb2565063.msp entropy: 7.99496204849	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x86.exe entropy: 7.99650392964	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x64.exe entropy: 7.99725474517	Jump to dropped file

System Summary

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadb.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadc.msp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF02.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\atl100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadf.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadf.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae0.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae0.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae1.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae2.msp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8E4.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\atl100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\msvcp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\CacheSize.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae6.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae6.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae7.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae7.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae8.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE6FC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE789.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEC1E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44ab1b.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44ab1b.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI593.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6DC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI74A.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A47.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A96.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1E21.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\44ab1c.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI38AF.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI390E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39AB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A29.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B24.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81F2.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat

Deletes files inside the Windows folder

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

File deleted: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR.R

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004001D	0_2_0004001D
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000341EA	0_2_000341EA
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000162AA	0_2_000162AA
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003C332	0_2_0003C332
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000403D5	0_2_000403D5
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004A560	0_2_0004A560
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000407AA	0_2_000407AA
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0001A8F1	0_2_0001A8F1
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004AA0E	0_2_0004AA0E
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00040B6F	0_2_00040B6F
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003FB89	0_2_0003FB89
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00042C18	0_2_00042C18
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00042E47	0_2_00042E47
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004EE7C	0_2_0004EE7C
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097001D	1_2_0097001D
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009641EA	1_2_009641EA
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009462AA	1_2_009462AA
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009703D5	1_2_009703D5
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096C332	1_2_0096C332
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097A560	1_2_0097A560
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009707AA	1_2_009707AA
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0094A8F1	1_2_0094A8F1
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097AA0E	1_2_0097AA0E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096FB89	1_2_0096FB89
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00970B6F	1_2_00970B6F
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00972C18	1_2_00972C18
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00972E47	1_2_00972E47
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097EE7C	1_2_0097EE7C
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF3025	1_2_6CBF3025
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE71AF	1_2_6CBE71AF
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBEF100	1_2_6CBEF100
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF1A45	1_2_6CBF1A45
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE73D8	1_2_6CBE73D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF1B71	1_2_6CBF1B71
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0BCB8	1_2_6CC0BCB8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0240C	1_2_6CC0240C
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC124C5	1_2_6CC124C5
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC18D6E	1_2_6CC18D6E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC188C0	1_2_6CC188C0
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC1D9E8	1_2_6CC1D9E8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC12296	1_2_6CC12296
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006741EA	2_2_006741EA
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068001D	2_2_0068001D
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006562AA	2_2_006562AA
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067C332	2_2_0067C332
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006803D5	2_2_006803D5
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068A560	2_2_0068A560
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006807AA	2_2_006807AA
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0065A8F1	2_2_0065A8F1
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068AA0E	2_2_0068AA0E
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00680B6F	2_2_00680B6F
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067FB89	2_2_0067FB89
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00682C18	2_2_00682C18
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068EE7C	2_2_0068EE7C
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00682E47	2_2_00682E47
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019001D	11_2_0019001D
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001841EA	11_2_001841EA
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001662AA	11_2_001662AA
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018C332	11_2_0018C332
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001903D5	11_2_001903D5
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019A560	11_2_0019A560
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001907AA	11_2_001907AA
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0016A8F1	11_2_0016A8F1
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019AA0E	11_2_0019AA0E
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00190B6F	11_2_00190B6F
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018FB89	11_2_0018FB89
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00192C18	11_2_00192C18
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00192E47	11_2_00192E47
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019EE7C	11_2_0019EE7C
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C173025	13_2_6C173025
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C16F100	13_2_6C16F100
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1671AF	13_2_6C1671AF
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C171A45	13_2_6C171A45
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C171B71	13_2_6C171B71
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1673D8	13_2_6C1673D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18240C	13_2_6C18240C
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18BCB8	13_2_6C18BCB8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1924C5	13_2_6C1924C5
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C198D6E	13_2_6C198D6E
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1988C0	13_2_6C1988C0
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C19D9E8	13_2_6C19D9E8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C192296	13_2_6C192296

Found potential string decryption / allocating functions

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00980237 appears 683 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00941F13 appears 54 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 009832F3 appears 83 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00943821 appears 501 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6CC0DA9D appears 40 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6CC05B74 appears 84 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00980726 appears 34 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00653821 appears 500 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 006932F3 appears 84 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00651F13 appears 54 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00690726 appears 34 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00690237 appears 685 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 001A0726 appears 34 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6C18DA9D appears 40 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00161F13 appears 54 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 001A0237 appears 685 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00163821 appears 500 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6C185B74 appears 84 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 001A32F3 appears 83 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00050726 appears 34 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00011F13 appears 54 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 000532F3 appears 83 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00013821 appears 501 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00050237 appears 683 times

PE file contains executable resources (Code or Archives)

Source: SetupResources.dll13.18.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: SetupResources.dll16.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll13.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll9.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll12.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll15.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll11.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll10.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll14.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll8.18.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897666574.000000006CC2D000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs SPCapIQProOffice-1.0.24095.1.exe
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rights reserved.lBOriginalFilenameSPCapIQProOffice-1.0.24095.1.e vs SPCapIQProOffice-1.0.24095.1.exe
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: All rights reserved.lBOriginalFilenameSPCapIQProOffice-1.0.24095 vs SPCapIQProOffice-1.0.24095.1.exe
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895867977.000000006C1AD000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs SPCapIQProOffice-1.0.24095.1.exe

Uses 32bit PE files

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: vstor40_LP_x64_cht.exe.18.dr

Static PE information: Section: .rsrc ZLIB complexity 0.9887546101159115

Source: classification engine

Classification label: sus24.rans.evad.winEXE@77/696@0/2

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0004FE21 FormatMessageW,GetLastError,LocalFree,

0_2_0004FE21

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000145EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	0_2_000145EE
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009445EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	1_2_009445EE
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006545EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	2_2_006545EE
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001645EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	11_2_001645EE

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0005304F GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,

0_2_0005304F

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Code function: 1_2_6CC0D424 FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError,

1_2_6CC0D424

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00036B88 ChangeServiceConfigW,GetLastError,

0_2_00036B88

Source: C:\Windows\System32\msiexec.exe

File created: c:\Program Files (x86)\Common Files\Microsoft Shared\VC

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4128:120:WilError_03
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Mutant created: \Sessions\1\BaseNamedObjects\SetupWatson_Mutex_Name
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4520:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1664:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1640:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3344:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

File created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\

Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: wininet.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	0_2_00011070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: wininet.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	1_2_00941070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	2_2_00651070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: wininet.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	11_2_00161070

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

File read: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe "C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe"
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{22255B69-8FB0-4B58-9A37-96EAAA229CC0} {B6A53FD5-A31E-4AF8-BB77-CA62C452506E} 7336
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{F8907890-6A84-4345-B5A9-D02185C4BBD7} {C0D578AC-8A16-4B2B-B0EB-8A9283D46FE9} 7396
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe c:\e4b15374fbeb09b00c2ff6ea22\Setup.exe /i /q /norestart
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe vstor40_x64.exe /q
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Process created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe c:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe /q
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 50D0C51C5F29CB2F939D1D66AF46B8FD
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 392B92B2C8922C55BB291E3DD13F1718
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe c:\5dbc7bbf14917454e3442522d4a6\Setup.exe /i /q /norestart
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 8B188487738B9071562D9EF7776E0846 M Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 65B24CE328994E1BC77923B19C5082F3 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 417DB550FCDE732E3591759ED0C0D26B E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{22255B69-8FB0-4B58-9A37-96EAAA229CC0} {B6A53FD5-A31E-4AF8-BB77-CA62C452506E} 7336	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe c:\e4b15374fbeb09b00c2ff6ea22\Setup.exe /i /q /norestart
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe vstor40_x64.exe /q
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 50D0C51C5F29CB2F939D1D66AF46B8FD
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 392B92B2C8922C55BB291E3DD13F1718
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 8B188487738B9071562D9EF7776E0846 M Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 65B24CE328994E1BC77923B19C5082F3 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 417DB550FCDE732E3591759ED0C0D26B E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Process created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe c:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe /q
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe c:\5dbc7bbf14917454e3442522d4a6\Setup.exe /i /q /norestart
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: usoapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sxproxy.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: usoapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sxproxy.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: clusapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: dnsapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wkscli.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cscapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: apphelp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: acgenral.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: uxtheme.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winmm.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: samcli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msacm32.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: version.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: userenv.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: dwmapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: urlmon.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: mpr.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: sspicli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winmmbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winmmbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: iertutil.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: srvcli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: netutils.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: setupengine.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winhttp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: secur32.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: sqmapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msasn1.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: windows.storage.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: wldp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: profapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: ntmarta.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: cryptsp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: rsaenh.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: cryptbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: gpapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msisip.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: srpapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: tsappcmp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: netapi32.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: apphelp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: uxtheme.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: textshaping.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: kernel.appcore.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: textinputframework.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: coreuicomponents.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: coremessaging.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: ntmarta.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wintypes.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wintypes.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wintypes.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: clusapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: dnsapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: iphlpapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wkscli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: cscapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: netutils.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: cryptsp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: rsaenh.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: cryptbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: feclient.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: clusapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: dnsapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wkscli.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cscapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: apphelp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: apphelp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: version.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: uxtheme.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: install.res.2057.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: install.res.1033.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: secur32.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: msi.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: kernel.appcore.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: srpapi.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: tsappcmp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: netapi32.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: wkscli.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: netutils.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: windows.storage.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: wldp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: apphelp.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: acgenral.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: uxtheme.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winmm.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: samcli.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msacm32.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: version.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: userenv.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: dwmapi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: urlmon.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: mpr.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: sspicli.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winmmbase.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winmmbase.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: iertutil.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: srvcli.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: netutils.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: setupengine.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winhttp.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: secur32.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: sqmapi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msasn1.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: profapi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: ntmarta.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File written: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Automated click: Install
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Automated click: Install
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Window detected: Number of UI elements: 20

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.cab
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\globdata.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.MSI
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: certificate valid

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdbb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: !SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Excel.pdb!= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Setup.pdb source: Setup.exe, 00000016.00000002.2599276952.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000016.00000000.2183636790.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 0000001D.00000000.2466014019.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, Setup.exe, 0000001D.00000002.2574358507.0000000000071000.00000020.00000001.01000000.0000001C.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdbM= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb source: MSI6DC.tmp.23.dr
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdbP source: 44aaf8.rbf.23.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, 00000016.00000002.2604661032.000000006BD81000.00000020.00000001.01000000.00000014.sdmp, Setup.exe, 0000001D.00000002.2577383725.000000006B9C1000.00000020.00000001.01000000.0000001E.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, 00000016.00000002.2605209130.000000006BDC1000.00000020.00000001.01000000.00000013.sdmp, Setup.exe, 0000001D.00000002.2577668762.000000006B9F1000.00000020.00000001.01000000.0000001D.sdmp
Source:	Binary string: install.pdb source: vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, install.exe, 0000001A.00000002.2591416989.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp, install.exe, 0000001A.00000000.2413587318.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb1 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdb source: 44ab03.rbf.23.dr
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdbj source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll0.23.dr
Source:	Binary string: SNL.Clients.Office.Common.pdbX source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(ombgpqa2.pdb\|SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\vsta\rt\VSTAAddInModel\CAA\objr\i386\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.pdb source: FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64.23.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll0.23.dr
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb7 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l"SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: SPCapIQProOffice-1.0.24095.1.exe
Source:	Binary string: sfxcab.pdb source: vstor_redist.exe, 00000012.00000002.2610552026.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000012.00000000.2089501904.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_x64.exe, 00000018.00000002.2594610762.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor40_x64.exe, 00000018.00000000.2395505903.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor_redist.exe, 00000019.00000002.2581768099.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000019.00000000.2411609798.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_LP_x86_heb.exe.18.dr, vstor40_LP_x64_deu.exe.18.dr
Source:	Binary string: l/c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586859040.00000000010DE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584798602.00000000010B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l)zaakjhur.pdb\|SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdb source: 44aaf8.rbf.23.dr
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdbD[^[ P[_CorDllMainmscoree.dll source: 44ab03.rbf.23.dr
Source:	Binary string: vstoee.pdbN source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000016.00000003.2275613374.000000000315F000.00000004.00000020.00020000.00000000.sdmp, vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, vc_red.msi0.25.dr
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb U source: MSI6DC.tmp.23.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897428739.000000006CC1F000.00000002.00000001.01000000.00000007.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895658611.000000006C19F000.00000002.00000001.01000000.0000000F.sdmp, wixstdba.dll.13.dr
Source:	Binary string: SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: atl100.i386.pdb source: F_CENTRAL_atl100_x86.23.dr
Source:	Binary string: vstoee.pdb source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: /c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdbv source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdbx? source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887542922.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SetupResources.pdb source: SetupResources.dll6.18.dr, SetupResources.dll12.25.dr, SetupResources.dll9.18.dr, SetupResources.dll4.25.dr, SetupResources.dll16.18.dr, SetupResources.dll1.25.dr, SetupResources.dll16.25.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: MSI3B24.tmp.23.dr

Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

PE file contains sections with non-standard names

Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: section name: .wixburn
Source: SPCapIQProOffice-1.0.24095.1.exe.0.dr	Static PE information: section name: .wixburn
Source: SPCapIQProOffice-1.0.24095.1.exe.1.dr	Static PE information: section name: .wixburn
Source: SPCapIQProOffice-1.0.24095.1.exe.2.dr	Static PE information: section name: .wixburn

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003EAD6 push ecx; ret	0_2_0003EAE9
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096EAD6 push ecx; ret	1_2_0096EAE9
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE2496 push ecx; ret	1_2_6CBE24A9
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF38B8 push ecx; ret	1_2_6CBF38B6
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0F346 push ecx; ret	1_2_6CC0F359
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067EAD6 push ecx; ret	2_2_0067EAE9
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018EAD6 push ecx; ret	11_2_0018EAE9
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C162496 push ecx; ret	13_2_6C1624A9
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1738B8 push ecx; ret	13_2_6C1738B6
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18F346 push ecx; ret	13_2_6C18F359

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob

Drops PE files

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafa.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\2052\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\sqmapi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaec.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI390E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf9.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab00.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab15.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI74A.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1033\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1035.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0f.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf2.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafe.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1033\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf5.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab04.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A47.tmp	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1040.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab12.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEC1E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0c.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab19.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\SetupUi.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaef.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1040\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI593.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\SetupUi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1044.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaed.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp100.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab01.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\sqmapi.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf8.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1030\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf3.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A29.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab16.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaff.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1037\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1035\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI38AF.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab05.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf4.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0b.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaee.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab11.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39AB.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1046\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab17.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1037.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1045.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafc.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab09.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf0.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE789.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab02.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1033.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1049\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1046\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1037\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0e.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1043\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab14.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1043\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1042.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1025.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf7.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab06.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab10.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0a.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6DC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab18.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1028.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf1.rbf	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\VSTOR (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab08.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B24.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1040\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafd.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab03.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1030\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.3082.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1035\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaeb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab13.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81F2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0d.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1E21.tmp	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\DEL80A9.tmp (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1041.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1028\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 44aae5.rbf (copy)	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab07.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf6.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe (copy)	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\VSTOR (copy)	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI390E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE789.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI74A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A47.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEC1E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6DC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI593.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B24.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A29.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81F2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1E21.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI38AF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39AB.tmp	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf5.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf6.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf7.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf8.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf9.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafa.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafc.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafd.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafe.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaff.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab00.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab01.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab02.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab03.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab04.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab05.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab06.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab07.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab08.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab09.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0a.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0b.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0c.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0d.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0e.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0f.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab10.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab11.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab12.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab13.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab14.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab15.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab16.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab17.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab18.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab19.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaeb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaec.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaed.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaee.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaef.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf0.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf1.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf2.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf3.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf4.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20240419_025312968-MSI_vc_red.msi.txt

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1053\eula.rtf
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1033.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.2052.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1028.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1031.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.3082.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1036.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1040.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1041.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1042.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1025.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1030.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1035.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1037.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1043.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1044.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1045.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1046.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1049.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1053.txt
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1053\eula.rtf

Boot Survival

Creates or modifies windows services

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore

Jump to behavior

Modifies existing windows services

Source: C:\Windows\System32\SrTasks.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP

Jump to behavior

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafa.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\2052\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaec.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI390E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf9.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab00.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab15.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI74A.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1033\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1035.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0f.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf2.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafe.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1033\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf5.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab04.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1A47.tmp	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1040.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab12.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\3082\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEC1E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0c.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab19.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\SetupUi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaef.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1040\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI593.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\SetupUi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1044.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaed.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp100.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab01.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf8.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1030\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf3.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3A29.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab16.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaff.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1037\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1035\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI38AF.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab05.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf4.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0b.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaee.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab11.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI39AB.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1046\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab17.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1037.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1045.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafc.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf0.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab09.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE789.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab02.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1049\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1046\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1037\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0e.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1043\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab14.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1043\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1042.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1025.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf7.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab06.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab10.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0a.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI6DC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1028.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab18.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf1.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab08.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3B24.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1040\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafd.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab03.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1030\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1035\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.3082.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaeb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab13.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI81F2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0d.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1E21.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1028\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1041.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 44aae5.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab07.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf6.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file

Found evaded block containing many API calls

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision

Found evasive API chain (date check)

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Evasive API call chain: GetLocalTime,DecisionNodes

Found evasive API chain checking for process token information

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	API coverage: 8.9 %
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	API coverage: 9.1 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\SrTasks.exe TID: 7932	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe TID: 7484	Thread sleep time: -290000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 2208	Thread sleep count: 55 > 30

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0004FF61h	0_2_0004FEC6
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0004FF5Ah	0_2_0004FEC6
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0097FF61h	1_2_0097FEC6
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0097FF5Ah	1_2_0097FEC6
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0068FF61h	2_2_0068FEC6
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0068FF5Ah	2_2_0068FEC6
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0019FF61h	11_2_0019FEC6
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0019FF5Ah	11_2_0019FEC6

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File Volume queried: C:\Windows FullSizeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00054440 FindFirstFileW,FindClose,	0_2_00054440
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00029B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	0_2_00029B43
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00013CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_00013CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00984440 FindFirstFileW,FindClose,	1_2_00984440
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00959B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_00959B43
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00943CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_00943CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBED856 FindFirstFileExW,_free,	1_2_6CBED856
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC06866 FindFirstFileW,FindClose,	1_2_6CC06866
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00694440 FindFirstFileW,FindClose,	2_2_00694440
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00669B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	2_2_00669B43
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00653CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	2_2_00653CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001A4440 FindFirstFileW,FindClose,	11_2_001A4440
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00179B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	11_2_00179B43
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00163CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	11_2_00163CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C16D856 FindFirstFileExW,_free,	13_2_6C16D856
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C186866 FindFirstFileW,FindClose,	13_2_6C186866

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_000597A5 VirtualQuery,GetSystemInfo,

0_2_000597A5

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL	Jump to behavior

Source: SrTasks.exe, 00000014.00000002.2360481141.00000210C504F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:5
Source: SrTasks.exe, 00000014.00000003.2278930233.00000210C5051000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: SrTasks.exe, 00000014.00000003.2278930233.00000210C5051000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:o
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: SrTasks.exe, 00000007.00000002.1931545404.00000234C2E47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:GG
Source: SrTasks.exe, 00000014.00000003.2278930233.00000210C5051000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
Source: SrTasks.exe, 00000014.00000003.2343976320.00000210C504D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:QQ
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

Process information queried: ProcessInformation

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0003E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0003E88A

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000448D8 mov eax, dword ptr fs:[00000030h]	0_2_000448D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009748D8 mov eax, dword ptr fs:[00000030h]	1_2_009748D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE55CE mov eax, dword ptr fs:[00000030h]	1_2_6CBE55CE
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE9806 mov eax, dword ptr fs:[00000030h]	1_2_6CBE9806
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC141CF mov eax, dword ptr fs:[00000030h]	1_2_6CC141CF
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006848D8 mov eax, dword ptr fs:[00000030h]	2_2_006848D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001948D8 mov eax, dword ptr fs:[00000030h]	11_2_001948D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1655CE mov eax, dword ptr fs:[00000030h]	13_2_6C1655CE
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C169806 mov eax, dword ptr fs:[00000030h]	13_2_6C169806
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1941CF mov eax, dword ptr fs:[00000030h]	13_2_6C1941CF

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0001394F GetProcessHeap,RtlAllocateHeap,

0_2_0001394F

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0003E3D8
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0003E88A
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003E9DC SetUnhandledExceptionFilter,	0_2_0003E9DC
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00043C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00043C76
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0096E3D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0096E88A
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096E9DC SetUnhandledExceptionFilter,	1_2_0096E9DC
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00973C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00973C76
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE1CB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6CBE1CB4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE9449 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CBE9449
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE22CC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CBE22CC
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0EC80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6CC0EC80
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC10F7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CC10F7E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0F173 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CC0F173
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0067E3D8
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0067E88A
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067E9DC SetUnhandledExceptionFilter,	2_2_0067E9DC
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00683C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00683C76
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_0018E3D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0018E88A
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018E9DC SetUnhandledExceptionFilter,	11_2_0018E9DC
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00193C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00193C76
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C169449 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C169449
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C161CB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6C161CB4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1622CC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C1622CC
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18EC80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6C18EC80
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C190F7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C190F7E
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18F173 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C18F173

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{22255B69-8FB0-4B58-9A37-96EAAA229CC0} {B6A53FD5-A31E-4AF8-BB77-CA62C452506E} 7336	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe vstor40_x64.exe /q
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.clean.room="c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "c:\users\user\appdata\local\temp\s&p_capital_iq_pro_office_20240419025210.log"
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.clean.room="c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "c:\users\user\appdata\local\temp\s&p_capital_iq_pro_office_20240419025210.log"			Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00051719 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,

0_2_00051719

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00053A5F AllocateAndInitializeSid,CheckTokenMembership,

0_2_00053A5F

Source: Setup.exe, 00000016.00000003.2269662808.000000000143C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000016.00000003.2596479385.0000000001421000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000016.00000002.2600670333.0000000001428000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Program ManagerapIQProOffice-1.0.24095.1.exe)N(

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0003EC07 cpuid

0_2_0003EC07

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Queries volume information: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Queries time zone information

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00024EDF ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,

0_2_00024EDF

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00016037 GetSystemTime,GetDateFormatW,GetLastError,GetLastError,GetDateFormatW,GetLastError,

0_2_00016037

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_000161DF GetUserNameW,GetLastError,

0_2_000161DF

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0005887B GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

0_2_0005887B

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00015195 GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,

0_2_00015195

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
173.222.249.26	unknown	United States		20940	AKAMAI-ASN1EU	false
96.16.60.197	unknown	United States		16625	AKAMAI-ASUS	false

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0002A0BB DecryptFileW,	0_2_0002A0BB
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	0_2_0004FA62
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00029E9E DecryptFileW,DecryptFileW,	0_2_00029E9E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0095A0BB DecryptFileW,	1_2_0095A0BB
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	1_2_0097FA62
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00959E9E DecryptFileW,DecryptFileW,	1_2_00959E9E
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	2_2_0068FA62
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00669E9E DecryptFileW,DecryptFileW,	2_2_00669E9E
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0066A0BB DecryptFileW,	2_2_0066A0BB
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0017A0BB DecryptFileW,	11_2_0017A0BB
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	11_2_0019FA62
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00179E9E DecryptFileW,DecryptFileW,	11_2_00179E9E

Compliance

Uses 32bit PE files

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.cab
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\globdata.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.MSI
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone

Jump to behavior

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20240419_025312968-MSI_vc_red.msi.txt

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1053\eula.rtf
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1033.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.2052.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1028.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1031.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.3082.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1036.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1040.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1041.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1042.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1025.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1030.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1035.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1037.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1043.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1044.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1045.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1046.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1049.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1053.txt
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1053\eula.rtf

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: certificate valid

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdbb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: !SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Excel.pdb!= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Setup.pdb source: Setup.exe, 00000016.00000002.2599276952.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000016.00000000.2183636790.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 0000001D.00000000.2466014019.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, Setup.exe, 0000001D.00000002.2574358507.0000000000071000.00000020.00000001.01000000.0000001C.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdbM= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb source: MSI6DC.tmp.23.dr
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdbP source: 44aaf8.rbf.23.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, 00000016.00000002.2604661032.000000006BD81000.00000020.00000001.01000000.00000014.sdmp, Setup.exe, 0000001D.00000002.2577383725.000000006B9C1000.00000020.00000001.01000000.0000001E.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, 00000016.00000002.2605209130.000000006BDC1000.00000020.00000001.01000000.00000013.sdmp, Setup.exe, 0000001D.00000002.2577668762.000000006B9F1000.00000020.00000001.01000000.0000001D.sdmp
Source:	Binary string: install.pdb source: vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, install.exe, 0000001A.00000002.2591416989.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp, install.exe, 0000001A.00000000.2413587318.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb1 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdb source: 44ab03.rbf.23.dr
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdbj source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll0.23.dr
Source:	Binary string: SNL.Clients.Office.Common.pdbX source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(ombgpqa2.pdb\|SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\vsta\rt\VSTAAddInModel\CAA\objr\i386\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.pdb source: FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64.23.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll0.23.dr
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb7 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l"SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: SPCapIQProOffice-1.0.24095.1.exe
Source:	Binary string: sfxcab.pdb source: vstor_redist.exe, 00000012.00000002.2610552026.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000012.00000000.2089501904.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_x64.exe, 00000018.00000002.2594610762.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor40_x64.exe, 00000018.00000000.2395505903.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor_redist.exe, 00000019.00000002.2581768099.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000019.00000000.2411609798.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_LP_x86_heb.exe.18.dr, vstor40_LP_x64_deu.exe.18.dr
Source:	Binary string: l/c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586859040.00000000010DE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584798602.00000000010B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l)zaakjhur.pdb\|SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdb source: 44aaf8.rbf.23.dr
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdbD[^[ P[_CorDllMainmscoree.dll source: 44ab03.rbf.23.dr
Source:	Binary string: vstoee.pdbN source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000016.00000003.2275613374.000000000315F000.00000004.00000020.00020000.00000000.sdmp, vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, vc_red.msi0.25.dr
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb U source: MSI6DC.tmp.23.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897428739.000000006CC1F000.00000002.00000001.01000000.00000007.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895658611.000000006C19F000.00000002.00000001.01000000.0000000F.sdmp, wixstdba.dll.13.dr
Source:	Binary string: SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: atl100.i386.pdb source: F_CENTRAL_atl100_x86.23.dr
Source:	Binary string: vstoee.pdb source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: /c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdbv source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdbx? source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887542922.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SetupResources.pdb source: SetupResources.dll6.18.dr, SetupResources.dll12.25.dr, SetupResources.dll9.18.dr, SetupResources.dll4.25.dr, SetupResources.dll16.18.dr, SetupResources.dll1.25.dr, SetupResources.dll16.25.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: MSI3B24.tmp.23.dr

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00054440 FindFirstFileW,FindClose,	0_2_00054440
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00029B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	0_2_00029B43
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00013CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_00013CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00984440 FindFirstFileW,FindClose,	1_2_00984440
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00959B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_00959B43
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00943CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_00943CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBED856 FindFirstFileExW,_free,	1_2_6CBED856
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC06866 FindFirstFileW,FindClose,	1_2_6CC06866
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00694440 FindFirstFileW,FindClose,	2_2_00694440
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00669B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	2_2_00669B43
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00653CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	2_2_00653CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001A4440 FindFirstFileW,FindClose,	11_2_001A4440
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00179B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	11_2_00179B43
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00163CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	11_2_00163CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C16D856 FindFirstFileExW,_free,	13_2_6C16D856
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C186866 FindFirstFileW,FindClose,	13_2_6C186866

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL	Jump to behavior

Networking

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Code function: 1_2_00986357 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError,

1_2_00986357

Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digic
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Setup.exe, 00000016.00000003.2197466109.000000000141B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000002.2576934358.0000000003240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.m
Source: Setup.exe, 0000001D.00000003.2482553908.000000000147F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.co
Source: Setup.exe, 0000001D.00000003.2482553908.000000000147F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microx
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.dig
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Setup.exe, 00000016.00000002.2600526077.0000000001416000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsoft.
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp, thm.xml.13.dr	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010(
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010g_VST
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2890706092.0000000002B30000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.13.dr	String found in binary or memory: https://ecs.syr.edu/faculty/fawcett/handouts/Coretechnologies/WindowsProgramming/WinUser.h
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.s
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spgloba
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.c
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001263000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001238000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930450152.0000000002E46000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931854743.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/-l
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/3
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/ap
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/of=
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/off
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/C
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Co_
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Con
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Conte
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/Prereqs/NDP48/ndp48-x86-x
Source: BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/Prereqs/VC_REDIST/vc_redi
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/Prereqs/VSTOR2010/vstor_r
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932156175.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/OfficeTools-x64-1.0
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/OfficeTools-x86-1.0
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931925320.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1934087160.0000000000C44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/PluginManager-1.0.2
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933988321.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/SPCapIQProOffice-x6
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932156175.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/apiservices/office-tools-service/Content/en-US/SPCapIQProOffice-x8
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/r_CN_1.0.24095.1.msi
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001348000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.cn/w
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.co
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001348000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001038000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2894044221.0000000003660000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001091000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.00000000007F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/&D
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058E5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/G~
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/S_m
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apis
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/offiQB
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-t7B
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-too
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-servi
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/C
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001060000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Empower/e
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001060000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001038000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Empower/empower-1.0.2409
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Prereqs/NDP48/ndp48-x86-
Source: BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Prereqs/VC_REDIST/vc_red
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930159833.0000000002E4C000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1996686802.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/Prereqs/VSTOR2010/vstor_
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/O;=
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2888186888.00000000027F0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2891213065.0000000002D02000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932045913.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/OfficeTools-x64-1.
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930048010.0000000002E4E000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C41000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1996686802.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B18000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.000000000136E000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/OfficeTools-x86-1.
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889960960.0000000003B22000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032193426.0000000001084000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2884729362.0000000001038000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2894044221.0000000003660000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2032900367.0000000001084000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/PluginManager-1.0.
Source: BootstrapperApplicationData.xml.1.dr	String found in binary or memory: https://www.capitaliq.spglobal.com/apiservices/office-tools-service/Content/en-US/SPCapIQProOffice-x
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spglobal.com/j_
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.capitaliq.spz

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR entropy: 7.99988204417	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\SPCapIQProOffice_x86_1.0.24095.1.msi entropy: 7.99937881279	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\VSTOR (copy) entropy: 7.99988204417	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe (copy) entropy: 7.99988204417	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\SPCapIQProOffice_x86_1.0.24095.1.msi (copy) entropy: 7.99937881279	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\{8ABF444C-2498-4B37-A960-91BFE1481ED5}v1.0.24095.1\SPCapIQProOffice-x86-1.0.24095.1.msi (copy) entropy: 7.99937881279	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\SPCapIQProOffice_x86_1.0.24095.1.msi entropy: 7.99937881279	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x86\vc_red.cab entropy: 7.99982407421	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x86\msp_kb2565063.msp entropy: 7.99425811628	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x64\vc_red.cab entropy: 7.99987405973	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\VC_Red_x64\msp_kb2565063.msp entropy: 7.99496204849	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x86.exe entropy: 7.99650392964	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe entropy: 7.99725474517	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\vstor40_x64.cab entropy: 7.99970074299	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x86\vc_red.cab entropy: 7.99982407421	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x86\msp_kb2565063.msp entropy: 7.99425811628	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x64\vc_red.cab entropy: 7.99987405973	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\VC_Red_x64\msp_kb2565063.msp entropy: 7.99496204849	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x86.exe entropy: 7.99650392964	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x64.exe entropy: 7.99725474517	Jump to dropped file

System Summary

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadb.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadc.msp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAF02.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\atl100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadf.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aadf.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae0.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae0.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae1.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae2.msp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8E4.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\atl100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\msvcp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\CacheSize.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae6.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae6.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae7.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae7.msp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44aae8.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{FD9D64F4-CAF5-3D23-845A-B843C78CC1A5}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE6FC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE789.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEC1E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44ab1b.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\44ab1b.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI593.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6DC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI74A.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A47.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A96.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1E21.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\44ab1c.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI38AF.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI390E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39AB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A29.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B24.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81F2.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat

Deletes files inside the Windows folder

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

File deleted: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR.R

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004001D	0_2_0004001D
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000341EA	0_2_000341EA
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000162AA	0_2_000162AA
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003C332	0_2_0003C332
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000403D5	0_2_000403D5
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004A560	0_2_0004A560
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000407AA	0_2_000407AA
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0001A8F1	0_2_0001A8F1
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004AA0E	0_2_0004AA0E
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00040B6F	0_2_00040B6F
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003FB89	0_2_0003FB89
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00042C18	0_2_00042C18
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00042E47	0_2_00042E47
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004EE7C	0_2_0004EE7C
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097001D	1_2_0097001D
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009641EA	1_2_009641EA
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009462AA	1_2_009462AA
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009703D5	1_2_009703D5
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096C332	1_2_0096C332
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097A560	1_2_0097A560
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009707AA	1_2_009707AA
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0094A8F1	1_2_0094A8F1
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097AA0E	1_2_0097AA0E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096FB89	1_2_0096FB89
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00970B6F	1_2_00970B6F
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00972C18	1_2_00972C18
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00972E47	1_2_00972E47
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097EE7C	1_2_0097EE7C
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF3025	1_2_6CBF3025
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE71AF	1_2_6CBE71AF
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBEF100	1_2_6CBEF100
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF1A45	1_2_6CBF1A45
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE73D8	1_2_6CBE73D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF1B71	1_2_6CBF1B71
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0BCB8	1_2_6CC0BCB8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0240C	1_2_6CC0240C
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC124C5	1_2_6CC124C5
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC18D6E	1_2_6CC18D6E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC188C0	1_2_6CC188C0
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC1D9E8	1_2_6CC1D9E8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC12296	1_2_6CC12296
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006741EA	2_2_006741EA
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068001D	2_2_0068001D
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006562AA	2_2_006562AA
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067C332	2_2_0067C332
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006803D5	2_2_006803D5
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068A560	2_2_0068A560
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006807AA	2_2_006807AA
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0065A8F1	2_2_0065A8F1
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068AA0E	2_2_0068AA0E
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00680B6F	2_2_00680B6F
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067FB89	2_2_0067FB89
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00682C18	2_2_00682C18
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068EE7C	2_2_0068EE7C
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00682E47	2_2_00682E47
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019001D	11_2_0019001D
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001841EA	11_2_001841EA
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001662AA	11_2_001662AA
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018C332	11_2_0018C332
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001903D5	11_2_001903D5
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019A560	11_2_0019A560
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001907AA	11_2_001907AA
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0016A8F1	11_2_0016A8F1
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019AA0E	11_2_0019AA0E
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00190B6F	11_2_00190B6F
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018FB89	11_2_0018FB89
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00192C18	11_2_00192C18
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00192E47	11_2_00192E47
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019EE7C	11_2_0019EE7C
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C173025	13_2_6C173025
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C16F100	13_2_6C16F100
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1671AF	13_2_6C1671AF
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C171A45	13_2_6C171A45
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C171B71	13_2_6C171B71
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1673D8	13_2_6C1673D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18240C	13_2_6C18240C
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18BCB8	13_2_6C18BCB8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1924C5	13_2_6C1924C5
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C198D6E	13_2_6C198D6E
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1988C0	13_2_6C1988C0
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C19D9E8	13_2_6C19D9E8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C192296	13_2_6C192296

Found potential string decryption / allocating functions

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00980237 appears 683 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00941F13 appears 54 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 009832F3 appears 83 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00943821 appears 501 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6CC0DA9D appears 40 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6CC05B74 appears 84 times
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00980726 appears 34 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00653821 appears 500 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 006932F3 appears 84 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00651F13 appears 54 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00690726 appears 34 times
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00690237 appears 685 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 001A0726 appears 34 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6C18DA9D appears 40 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00161F13 appears 54 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 001A0237 appears 685 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00163821 appears 500 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 6C185B74 appears 84 times
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 001A32F3 appears 83 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00050726 appears 34 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00011F13 appears 54 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 000532F3 appears 83 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00013821 appears 501 times
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: String function: 00050237 appears 683 times

PE file contains executable resources (Code or Archives)

Source: SetupResources.dll13.18.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: SetupResources.dll16.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll13.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll9.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll12.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll15.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll11.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll10.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll14.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.18.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll8.18.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897666574.000000006CC2D000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs SPCapIQProOffice-1.0.24095.1.exe
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rights reserved.lBOriginalFilenameSPCapIQProOffice-1.0.24095.1.e vs SPCapIQProOffice-1.0.24095.1.exe
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: All rights reserved.lBOriginalFilenameSPCapIQProOffice-1.0.24095 vs SPCapIQProOffice-1.0.24095.1.exe
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895867977.000000006C1AD000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs SPCapIQProOffice-1.0.24095.1.exe

Uses 32bit PE files

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: vstor40_LP_x64_cht.exe.18.dr

Static PE information: Section: .rsrc ZLIB complexity 0.9887546101159115

Source: classification engine

Classification label: sus24.rans.evad.winEXE@77/696@0/2

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0004FE21 FormatMessageW,GetLastError,LocalFree,

0_2_0004FE21

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000145EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	0_2_000145EE
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009445EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	1_2_009445EE
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006545EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	2_2_006545EE
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001645EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	11_2_001645EE

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0005304F GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,

0_2_0005304F

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Code function: 1_2_6CC0D424 FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError,

1_2_6CC0D424

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00036B88 ChangeServiceConfigW,GetLastError,

0_2_00036B88

Source: C:\Windows\System32\msiexec.exe

File created: c:\Program Files (x86)\Common Files\Microsoft Shared\VC

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4128:120:WilError_03
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Mutant created: \Sessions\1\BaseNamedObjects\SetupWatson_Mutex_Name
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4520:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1664:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1640:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3344:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

File created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\

Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: wininet.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	0_2_00011070
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	0_2_00011070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: wininet.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	1_2_00941070
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	1_2_00941070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	2_2_00651070
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	2_2_00651070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msi.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: version.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: wininet.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: comres.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: clbcatq.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: msasn1.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: crypt32.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: feclient.dll	11_2_00161070
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Command line argument: cabinet.dll	11_2_00161070

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: SPCapIQProOffice-1.0.24095.1.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

File read: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe "C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe"
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{22255B69-8FB0-4B58-9A37-96EAAA229CC0} {B6A53FD5-A31E-4AF8-BB77-CA62C452506E} 7336
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{F8907890-6A84-4345-B5A9-D02185C4BBD7} {C0D578AC-8A16-4B2B-B0EB-8A9283D46FE9} 7396
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart
Source: unknown	Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
Source: C:\Windows\System32\SrTasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe c:\e4b15374fbeb09b00c2ff6ea22\Setup.exe /i /q /norestart
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe vstor40_x64.exe /q
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Process created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe c:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe /q
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 50D0C51C5F29CB2F939D1D66AF46B8FD
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 392B92B2C8922C55BB291E3DD13F1718
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe c:\5dbc7bbf14917454e3442522d4a6\Setup.exe /i /q /norestart
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 8B188487738B9071562D9EF7776E0846 M Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 65B24CE328994E1BC77923B19C5082F3 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 417DB550FCDE732E3591759ED0C0D26B E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{22255B69-8FB0-4B58-9A37-96EAAA229CC0} {B6A53FD5-A31E-4AF8-BB77-CA62C452506E} 7336	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe c:\e4b15374fbeb09b00c2ff6ea22\Setup.exe /i /q /norestart
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe vstor40_x64.exe /q
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 50D0C51C5F29CB2F939D1D66AF46B8FD
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 392B92B2C8922C55BB291E3DD13F1718
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 8B188487738B9071562D9EF7776E0846 M Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe c:\Windows\System32\MsiExec.exe -Embedding 65B24CE328994E1BC77923B19C5082F3 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe c:\Windows\syswow64\MsiExec.exe -Embedding 417DB550FCDE732E3591759ED0C0D26B E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Process created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe c:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe /q
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Process created: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe c:\5dbc7bbf14917454e3442522d4a6\Setup.exe /i /q /norestart
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: usoapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sxproxy.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: usoapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: sxproxy.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: clusapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: dnsapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wkscli.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cscapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exe	Section loaded: vss_ps.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: apphelp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: acgenral.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: uxtheme.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winmm.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: samcli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msacm32.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: version.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: userenv.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: dwmapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: urlmon.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: mpr.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: sspicli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winmmbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winmmbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: iertutil.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: srvcli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: netutils.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: setupengine.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: winhttp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: secur32.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: sqmapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msasn1.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: windows.storage.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: wldp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: profapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: ntmarta.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msxml3.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: cryptsp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: rsaenh.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: cryptbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: gpapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: msisip.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: srpapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: tsappcmp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: netapi32.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: apphelp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: uxtheme.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: textshaping.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: kernel.appcore.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: textinputframework.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: coreuicomponents.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: coremessaging.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: ntmarta.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wintypes.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wintypes.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wintypes.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: clusapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: dnsapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: iphlpapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: wkscli.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: cscapi.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: netutils.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: cryptsp.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: rsaenh.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: cryptbase.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: feclient.dll
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: clusapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: dnsapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: wkscli.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cscapi.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Section loaded: apphelp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: apphelp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: version.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: uxtheme.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: install.res.2057.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: install.res.1033.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: secur32.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: msi.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: kernel.appcore.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: srpapi.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: tsappcmp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: netapi32.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: wkscli.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: netutils.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: windows.storage.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: wldp.dll
Source: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: apphelp.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: acgenral.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: uxtheme.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winmm.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: samcli.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msacm32.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: version.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: userenv.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: dwmapi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: urlmon.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: mpr.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: sspicli.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winmmbase.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winmmbase.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: iertutil.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: srvcli.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: netutils.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: setupengine.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: winhttp.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: secur32.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: sqmapi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msasn1.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: profapi.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: ntmarta.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Section loaded: msxml3.dll

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File written: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Automated click: Install
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Automated click: Install
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Window detected: Number of UI elements: 20

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.cab
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\globdata.ini
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.MSI
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: certificate valid

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SPCapIQProOffice-1.0.24095.1.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdbb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: !SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Excel.pdb!= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l.dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Setup.pdb source: Setup.exe, 00000016.00000002.2599276952.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000016.00000000.2183636790.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 0000001D.00000000.2466014019.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, Setup.exe, 0000001D.00000002.2574358507.0000000000071000.00000020.00000001.01000000.0000001C.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdbM= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb source: MSI6DC.tmp.23.dr
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdbP source: 44aaf8.rbf.23.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, 00000016.00000002.2604661032.000000006BD81000.00000020.00000001.01000000.00000014.sdmp, Setup.exe, 0000001D.00000002.2577383725.000000006B9C1000.00000020.00000001.01000000.0000001E.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, 00000016.00000002.2605209130.000000006BDC1000.00000020.00000001.01000000.00000013.sdmp, Setup.exe, 0000001D.00000002.2577668762.000000006B9F1000.00000020.00000001.01000000.0000001D.sdmp
Source:	Binary string: install.pdb source: vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, install.exe, 0000001A.00000002.2591416989.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp, install.exe, 0000001A.00000000.2413587318.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb1 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdb source: 44ab03.rbf.23.dr
Source:	Binary string: l!SNL.Clients.Office.PowerPoint.pdbj source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll0.23.dr
Source:	Binary string: SNL.Clients.Office.Common.pdbX source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(ombgpqa2.pdb\|SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\dd\trinity\vsta\rt\VSTAAddInModel\CAA\objr\i386\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.pdb source: FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64.23.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll0.23.dr
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb7 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l"SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: SPCapIQProOffice-1.0.24095.1.exe
Source:	Binary string: sfxcab.pdb source: vstor_redist.exe, 00000012.00000002.2610552026.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000012.00000000.2089501904.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_x64.exe, 00000018.00000002.2594610762.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor40_x64.exe, 00000018.00000000.2395505903.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor_redist.exe, 00000019.00000002.2581768099.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000019.00000000.2411609798.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_LP_x86_heb.exe.18.dr, vstor40_LP_x64_deu.exe.18.dr
Source:	Binary string: l/c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586859040.00000000010DE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584798602.00000000010B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l)zaakjhur.pdb\|SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.Office.Tools.Excel.v9.0.pdb source: 44aaf8.rbf.23.dr
Source:	Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdbD[^[ P[_CorDllMainmscoree.dll source: 44ab03.rbf.23.dr
Source:	Binary string: vstoee.pdbN source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000016.00000003.2275613374.000000000315F000.00000004.00000020.00020000.00000000.sdmp, vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, vc_red.msi0.25.dr
Source:	Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb U source: MSI6DC.tmp.23.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897428739.000000006CC1F000.00000002.00000001.01000000.00000007.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895658611.000000006C19F000.00000002.00000001.01000000.0000000F.sdmp, wixstdba.dll.13.dr
Source:	Binary string: SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(wiwfwpgt.pdb\|SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l*txfpcpzj.pdb\|SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: atl100.i386.pdb source: F_CENTRAL_atl100_x86.23.dr
Source:	Binary string: vstoee.pdb source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr
Source:	Binary string: /c5bm5dgu.pdb\|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Shim.pdbv source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .dsomi07c.pdb\|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l(itcxszeg.pdb\|SNL.Clients.Office.Shim.pdbx? source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887542922.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: "SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SetupResources.pdb source: SetupResources.dll6.18.dr, SetupResources.dll12.25.dr, SetupResources.dll9.18.dr, SetupResources.dll4.25.dr, SetupResources.dll16.18.dr, SetupResources.dll1.25.dr, SetupResources.dll16.25.dr
Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: MSI3B24.tmp.23.dr

Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

PE file contains sections with non-standard names

Source: SPCapIQProOffice-1.0.24095.1.exe	Static PE information: section name: .wixburn
Source: SPCapIQProOffice-1.0.24095.1.exe.0.dr	Static PE information: section name: .wixburn
Source: SPCapIQProOffice-1.0.24095.1.exe.1.dr	Static PE information: section name: .wixburn
Source: SPCapIQProOffice-1.0.24095.1.exe.2.dr	Static PE information: section name: .wixburn

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003EAD6 push ecx; ret	0_2_0003EAE9
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096EAD6 push ecx; ret	1_2_0096EAE9
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE2496 push ecx; ret	1_2_6CBE24A9
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBF38B8 push ecx; ret	1_2_6CBF38B6
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0F346 push ecx; ret	1_2_6CC0F359
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067EAD6 push ecx; ret	2_2_0067EAE9
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018EAD6 push ecx; ret	11_2_0018EAE9
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C162496 push ecx; ret	13_2_6C1624A9
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1738B8 push ecx; ret	13_2_6C1738B6
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18F346 push ecx; ret	13_2_6C18F359

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob

Drops PE files

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafa.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\2052\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\sqmapi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaec.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI390E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf9.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab00.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab15.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI74A.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1033\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1035.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0f.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf2.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafe.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1033\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf5.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab04.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A47.tmp	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1040.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab12.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEC1E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0c.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab19.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\SetupUi.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaef.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1040\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI593.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\SetupUi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1044.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaed.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp100.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab01.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\sqmapi.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf8.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1030\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf3.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A29.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab16.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaff.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1037\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1035\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI38AF.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab05.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf4.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0b.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaee.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab11.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39AB.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1046\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab17.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1037.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1045.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafc.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab09.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf0.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE789.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab02.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1033.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1049\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1046\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1037\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0e.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1043\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab14.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1043\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1042.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1025.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf7.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab06.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab10.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0a.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6DC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab18.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1028.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf1.rbf	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\VSTOR (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab08.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B24.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1040\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafd.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab03.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1030\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.3082.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1035\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaeb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab13.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81F2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0d.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1E21.tmp	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Users\user\AppData\Local\Temp\DEL80A9.tmp (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1041.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\1028\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: 44aae5.rbf (copy)	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab07.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf6.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe (copy)	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\.unverified\VSTOR (copy)	Jump to dropped file
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI390E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE789.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI74A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A47.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEC1E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI6DC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI593.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B24.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3A29.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI81F2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1E21.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI38AF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39AB.tmp	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	File created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\VSTOR	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf5.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf6.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf7.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf8.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf9.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafa.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafc.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafd.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aafe.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaff.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab00.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab01.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab02.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab03.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab04.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab05.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab06.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab07.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab08.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab09.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0a.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0b.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0c.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0d.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0e.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab0f.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab10.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab11.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab12.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab13.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab14.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab15.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab16.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab17.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab18.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44ab19.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaeb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaec.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaed.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaee.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaef.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf0.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf1.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf2.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf3.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Config.Msi\44aaf4.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20240419_025312968-MSI_vc_red.msi.txt

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\e4b15374fbeb09b00c2ff6ea22\1053\eula.rtf
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt
Source: C:\Windows\System32\msiexec.exe	File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1033.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.2052.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1028.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1031.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.3082.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1036.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1040.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1041.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1042.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1025.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1030.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1035.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1037.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1043.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1044.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1045.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1046.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1049.txt
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1053.txt
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1033\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1025\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\2052\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1028\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1030\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1031\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\3082\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1035\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1036\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1037\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1040\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1041\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1042\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1043\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1044\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1045\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1046\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1049\eula.rtf
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	File created: c:\5dbc7bbf14917454e3442522d4a6\1053\eula.rtf

Boot Survival

Creates or modifies windows services

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore

Jump to behavior

Modifies existing windows services

Source: C:\Windows\System32\SrTasks.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP

Jump to behavior

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {56aa9754-57aa-4a26-a164-12075d94eb2e}	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafa.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\2052\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaec.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI390E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf9.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab00.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_GAC_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab15.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100cht_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100rus_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI74A.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1033\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1035.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0f.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf2.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100chs_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafe.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1033\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf5.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1045\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab04.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcp100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1A47.tmp	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1040.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab12.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_amd64.enu	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\3082\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_vcomp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIEC1E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0c.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1053\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab19.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100enu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\SetupUi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaef.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100kor_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1040\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1036.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI593.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100deu_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\SetupUi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOWordImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1044.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTARuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaed.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp100.dll	Jump to dropped file
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab01.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1A96.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf8.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAServerDocument_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_kor.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1030\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf3.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\MSVSTOContainerControl_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOContainerControl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3A29.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab16.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaff.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100u_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100jpn_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1037\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1035\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_jpn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\bafunctions.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI38AF.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_chs.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab05.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100chs_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf4.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_esn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_cht.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0b.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaee.rbf	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab11.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_atl100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI39AB.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1046\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100u_x64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100ita_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab17.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOExcelImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_chs.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1037.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_cht.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100u_x86	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1045.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafc.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100enu_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf0.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab09.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIE789.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab02.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1049\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_plk.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1046\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100fra_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_kor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100rus_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1037\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0e.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100deu_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1043\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab14.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ara.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1043\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOV4Framework_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1049.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTORuntime_GAC_nomaf_runtime_internal_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1042.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfcm100_x64	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1025.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_fra.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_nld.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf7.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab06.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_vcomp100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab10.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_deu.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_nld.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0a.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI6DC.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_ita.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1028.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab18.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100esn_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_deu.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ara.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf1.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_heb.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab08.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.amd64.enu	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI3B24.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1025\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_esn.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1040\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1044\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_rus.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aafd.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_fin.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1046.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_ptb.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_jpn.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100cht_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab03.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1031\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1030\SetupResources.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1035\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.3082.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaeb.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab13.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_msvcr100_x64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI81F2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTAHosting_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100kor_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100ita_x64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x86_sve.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab0d.rbf	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_nor.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOCommonImpl_GAC_nomaf_runtime_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI1E21.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\1028\SetupResources.dll	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1041.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x64_dan.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: 44aae5.rbf (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44ab07.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_MSVSTOOutlookHostAdapter_GAC_v10_amd64	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_amd64	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_ita.exe	Jump to dropped file
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe	Dropped PE file which has not been started: C:\9e8b505ac5bf67d26cfba004c7a3fd\install.res.1030.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_LP_x64_rus.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4F46D9DF5FAC32D348A58B347CC81C5A\10.0.60830\FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_atl100_x86	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x86.exe	Jump to dropped file
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe	Dropped PE file which has not been started: C:\5dbc7bbf14917454e3442522d4a6\vstor40\vstor40_LP_x86_plk.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Config.Msi\44aaf6.rbf	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfcm100u_x86	Jump to dropped file

Found evaded block containing many API calls

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Evaded block: after key decision

Found evasive API chain (date check)

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Evasive API call chain: GetLocalTime,DecisionNodes

Found evasive API chain checking for process token information

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	API coverage: 8.9 %
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	API coverage: 9.1 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\SrTasks.exe TID: 7932	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\SrTasks.exe TID: 7484	Thread sleep time: -290000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 2208	Thread sleep count: 55 > 30

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0004FF61h	0_2_0004FEC6
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0004FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0004FF5Ah	0_2_0004FEC6
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0097FF61h	1_2_0097FEC6
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0097FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0097FF5Ah	1_2_0097FEC6
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0068FF61h	2_2_0068FEC6
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0068FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0068FF5Ah	2_2_0068FEC6
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0019FF61h	11_2_0019FEC6
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0019FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0019FF5Ah	11_2_0019FEC6

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File Volume queried: C:\Windows FullSizeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\5dbc7bbf14917454e3442522d4a6\Setup.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00054440 FindFirstFileW,FindClose,	0_2_00054440
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00029B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	0_2_00029B43
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00013CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_00013CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00984440 FindFirstFileW,FindClose,	1_2_00984440
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00959B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_00959B43
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00943CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_00943CC4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBED856 FindFirstFileExW,_free,	1_2_6CBED856
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC06866 FindFirstFileW,FindClose,	1_2_6CC06866
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00694440 FindFirstFileW,FindClose,	2_2_00694440
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00669B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	2_2_00669B43
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00653CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	2_2_00653CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001A4440 FindFirstFileW,FindClose,	11_2_001A4440
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00179B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	11_2_00179B43
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00163CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	11_2_00163CC4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C16D856 FindFirstFileExW,_free,	13_2_6C16D856
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C186866 FindFirstFileW,FindClose,	13_2_6C186866

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_000597A5 VirtualQuery,GetSystemInfo,

0_2_000597A5

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\NULL	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL	Jump to behavior

Source: SrTasks.exe, 00000014.00000002.2360481141.00000210C504F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:5
Source: SrTasks.exe, 00000014.00000003.2278930233.00000210C5051000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: SrTasks.exe, 00000014.00000003.2278930233.00000210C5051000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:o
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2894425642.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.2611939090.00000000058F4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2882904243.00000000013E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: SrTasks.exe, 00000007.00000002.1931545404.00000234C2E47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:GG
Source: SrTasks.exe, 00000014.00000003.2278930233.00000210C5051000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
Source: SrTasks.exe, 00000014.00000003.2343976320.00000210C504D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:QQ
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2886220545.0000000000C88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	API call chain: ExitProcess graph end node

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

Process information queried: ProcessInformation

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0003E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0003E88A

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_000448D8 mov eax, dword ptr fs:[00000030h]	0_2_000448D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_009748D8 mov eax, dword ptr fs:[00000030h]	1_2_009748D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE55CE mov eax, dword ptr fs:[00000030h]	1_2_6CBE55CE
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE9806 mov eax, dword ptr fs:[00000030h]	1_2_6CBE9806
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC141CF mov eax, dword ptr fs:[00000030h]	1_2_6CC141CF
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_006848D8 mov eax, dword ptr fs:[00000030h]	2_2_006848D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_001948D8 mov eax, dword ptr fs:[00000030h]	11_2_001948D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1655CE mov eax, dword ptr fs:[00000030h]	13_2_6C1655CE
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C169806 mov eax, dword ptr fs:[00000030h]	13_2_6C169806
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1941CF mov eax, dword ptr fs:[00000030h]	13_2_6C1941CF

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0001394F GetProcessHeap,RtlAllocateHeap,

0_2_0001394F

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0003E3D8
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0003E88A
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_0003E9DC SetUnhandledExceptionFilter,	0_2_0003E9DC
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Code function: 0_2_00043C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00043C76
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0096E3D8
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0096E88A
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_0096E9DC SetUnhandledExceptionFilter,	1_2_0096E9DC
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_00973C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00973C76
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE1CB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6CBE1CB4
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE9449 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CBE9449
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CBE22CC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CBE22CC
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0EC80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6CC0EC80
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC10F7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CC10F7E
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Code function: 1_2_6CC0F173 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CC0F173
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0067E3D8
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0067E88A
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_0067E9DC SetUnhandledExceptionFilter,	2_2_0067E9DC
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Code function: 2_2_00683C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00683C76
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_0018E3D8
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0018E88A
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_0018E9DC SetUnhandledExceptionFilter,	11_2_0018E9DC
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 11_2_00193C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00193C76
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C169449 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C169449
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C161CB4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6C161CB4
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C1622CC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C1622CC
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18EC80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_6C18EC80
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C190F7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C190F7E
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Code function: 13_2_6C18F173 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_6C18F173

Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=532 -burn.filehandle.self=528	Jump to behavior
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe "C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe" -q -burn.elevated BurnPipe.{22255B69-8FB0-4B58-9A37-96EAAA229CC0} {B6A53FD5-A31E-4AF8-BB77-CA62C452506E} 7336	Jump to behavior
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.clean.room="C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "C:\Users\user\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20240419025210.log"	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe "C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe" /i /q /norestart	Jump to behavior
Source: C:\e4b15374fbeb09b00c2ff6ea22\Setup.exe	Process created: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe vstor40_x64.exe /q
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.clean.room="c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "c:\users\user\appdata\local\temp\s&p_capital_iq_pro_office_20240419025210.log"
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Process created: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe "c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.clean.room="c:\programdata\package cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\spcapiqprooffice-1.0.24095.1.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /burn.log.append "c:\users\user\appdata\local\temp\s&p_capital_iq_pro_office_20240419025210.log"			Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

0_2_00051719

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00053A5F AllocateAndInitializeSid,CheckTokenMembership,

0_2_00053A5F

Binary or memory string: Program ManagerapIQProOffice-1.0.24095.1.exe)N(

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0003EC07 cpuid

0_2_0003EC07

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe	Queries volume information: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{A5DF5AFE-B192-4687-96B1-CE307FC167B5}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Queries time zone information

Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00024EDF ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,

0_2_00024EDF

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00016037 GetSystemTime,GetDateFormatW,GetLastError,GetLastError,GetDateFormatW,GetLastError,

0_2_00016037

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_000161DF GetUserNameW,GetLastError,

0_2_000161DF

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_0005887B GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

0_2_0005887B

Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe

Code function: 0_2_00015195 GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,

0_2_00015195

Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1428493
Product:	CloudBasic
Start time:	02:51:22
Start date:	19.04.2024
Sample:	SPCapIQProOffice-1.0.24095.1.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c09651c0422f8bb452b82232a454eee8
SHA1:	b7ec43f40cb6f8895de76d658fc4e8b2ecbb3038
SHA256:	dc5f345565aa2cc4dd0b446d96204cb9f7135757795370fd581ab4a9458d8b1d
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report SPCapIQProOffice-1.0.24095.1.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Windows Analysis Report
SPCapIQProOffice-1.0.24095.1.exe