Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 0_2_0002A0BB DecryptFileW, |
0_2_0002A0BB |
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 0_2_0004FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, |
0_2_0004FA62 |
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 0_2_00029E9E DecryptFileW,DecryptFileW, |
0_2_00029E9E |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_0095A0BB DecryptFileW, |
1_2_0095A0BB |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_0097FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, |
1_2_0097FA62 |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_00959E9E DecryptFileW,DecryptFileW, |
1_2_00959E9E |
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 2_2_0068FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, |
2_2_0068FA62 |
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 2_2_00669E9E DecryptFileW,DecryptFileW, |
2_2_00669E9E |
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 2_2_0066A0BB DecryptFileW, |
2_2_0066A0BB |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 11_2_0017A0BB DecryptFileW, |
11_2_0017A0BB |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 11_2_0019FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, |
11_2_0019FA62 |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 11_2_00179E9E DecryptFileW,DecryptFileW, |
11_2_00179E9E |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VC |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0 |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.ini |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.cab |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\globdata.ini |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1025.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.2052.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1028.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1030.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1031.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1033.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.3082.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1035.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1036.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1037.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1040.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1041.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1042.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1043.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1044.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1045.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1046.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1049.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.res.1053.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033 |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\vstor40_x64.MSI |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Windows\System32\msiexec.exe |
Directory created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1033\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1025\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\2052\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1028\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1030\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1031\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\3082\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1035\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1036\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1037\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1040\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1041\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1042\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1043\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1044\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1045\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1046\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1049\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\e4b15374fbeb09b00c2ff6ea22\1053\eula.rtf |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1025.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.2052.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1028.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1030.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1031.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1033.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.3082.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1035.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1036.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1037.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1040.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1041.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1042.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1043.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1044.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1045.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1046.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1049.txt |
Source: C:\Windows\System32\msiexec.exe |
File created: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\eula.1053.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1033.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.2052.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1028.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1031.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.3082.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1036.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1040.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1041.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1042.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1025.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1030.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1035.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1037.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1043.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1044.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1045.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1046.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1049.txt |
Source: C:\e4b15374fbeb09b00c2ff6ea22\vstor40\vstor40_x64.exe |
File created: c:\9e8b505ac5bf67d26cfba004c7a3fd\eula.1053.txt |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1033\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1025\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\2052\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1028\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1030\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1031\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\3082\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1035\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1036\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1037\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1040\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1041\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1042\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1043\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1044\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1045\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1046\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1049\eula.rtf |
Source: C:\ProgramData\Package Cache\56704865939C2388913D05724632D7B3B67D3CD9\vstor_redist.exe |
File created: c:\5dbc7bbf14917454e3442522d4a6\1053\eula.rtf |
Source: |
Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp |
Source: |
Binary string: l!SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l(itcxszeg.pdb|SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l.dsomi07c.pdb|SNL.Clients.Office.PowerPoint.pdbb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: !SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: SNL.Clients.Office.Excel.pdb!= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: D:\A\_work\681\a\WixBaDetectCapIqFunc.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2896800650.000000006CBF4000.00000002.00000001.01000000.0000000A.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895086718.000000006C174000.00000002.00000001.01000000.00000010.sdmp |
Source: |
Binary string: SNL.Clients.Office.Shim.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l.dsomi07c.pdb|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Setup.pdb source: Setup.exe, 00000016.00000002.2599276952.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000016.00000000.2183636790.0000000000851000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 0000001D.00000000.2466014019.0000000000071000.00000020.00000001.01000000.0000001C.sdmp, Setup.exe, 0000001D.00000002.2574358507.0000000000071000.00000020.00000001.01000000.0000001C.sdmp |
Source: |
Binary string: SNL.Clients.Office.Host.pdbM= source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb source: MSI6DC.tmp.23.dr |
Source: |
Binary string: Microsoft.Office.Tools.Excel.v9.0.pdbP source: 44aaf8.rbf.23.dr |
Source: |
Binary string: sqmapi.pdb source: Setup.exe, 00000016.00000002.2604661032.000000006BD81000.00000020.00000001.01000000.00000014.sdmp, Setup.exe, 0000001D.00000002.2577383725.000000006B9C1000.00000020.00000001.01000000.0000001E.sdmp |
Source: |
Binary string: SetupEngine.pdb source: Setup.exe, 00000016.00000002.2605209130.000000006BDC1000.00000020.00000001.01000000.00000013.sdmp, Setup.exe, 0000001D.00000002.2577668762.000000006B9F1000.00000020.00000001.01000000.0000001D.sdmp |
Source: |
Binary string: install.pdb source: vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, install.exe, 0000001A.00000002.2591416989.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp, install.exe, 0000001A.00000000.2413587318.00007FF7AECA4000.00000002.00000001.01000000.0000001A.sdmp |
Source: |
Binary string: l(wiwfwpgt.pdb|SNL.Clients.Office.Word.pdb1 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdb source: 44ab03.rbf.23.dr |
Source: |
Binary string: l!SNL.Clients.Office.PowerPoint.pdbj source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll0.23.dr |
Source: |
Binary string: SNL.Clients.Office.Common.pdbX source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584704299.00000000010BE000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l(ombgpqa2.pdb|SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: f:\dd\trinity\vsta\rt\VSTAAddInModel\CAA\objr\i386\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.pdb source: FL_MSVSTAAddInAdapter_Pipeline_v10_enu_amd64.23.dr |
Source: |
Binary string: MFCM100.amd64.pdb source: mfcm100.dll0.23.dr |
Source: |
Binary string: l*txfpcpzj.pdb|SNL.Clients.Office.Common.pdb7 source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2587094639.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010D4000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l"SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887871995.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: SPCapIQProOffice-1.0.24095.1.exe |
Source: |
Binary string: sfxcab.pdb source: vstor_redist.exe, 00000012.00000002.2610552026.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000012.00000000.2089501904.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_x64.exe, 00000018.00000002.2594610762.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor40_x64.exe, 00000018.00000000.2395505903.0000000001002000.00000020.00000001.01000000.00000019.sdmp, vstor_redist.exe, 00000019.00000002.2581768099.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor_redist.exe, 00000019.00000000.2411609798.0000000001002000.00000020.00000001.01000000.00000011.sdmp, vstor40_LP_x86_heb.exe.18.dr, vstor40_LP_x64_deu.exe.18.dr |
Source: |
Binary string: l/c5bm5dgu.pdb|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586859040.00000000010DE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584798602.00000000010B3000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l)zaakjhur.pdb|SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584264924.00000000010D3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Microsoft.Office.Tools.Excel.v9.0.pdb source: 44aaf8.rbf.23.dr |
Source: |
Binary string: f:\dd\trinity\appnet\fx\runtime\ContractsV10\VSTOContract\objr\i386\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.pdbD[^[ P[_CorDllMainmscoree.dll source: 44ab03.rbf.23.dr |
Source: |
Binary string: vstoee.pdbN source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr |
Source: |
Binary string: patchhooks.pdb source: Setup.exe, 00000016.00000003.2275613374.000000000315F000.00000004.00000020.00020000.00000000.sdmp, vstor40_x64.exe, 00000018.00000002.2594285185.0000000000DC6000.00000004.00000020.00020000.00000000.sdmp, vc_red.msi0.25.dr |
Source: |
Binary string: C:\delivery\Dev\wix35\build\ship\x86\netfxca.pdb U source: MSI6DC.tmp.23.dr |
Source: |
Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2897428739.000000006CC1F000.00000002.00000001.01000000.00000007.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2895658611.000000006C19F000.00000002.00000001.01000000.0000000F.sdmp, wixstdba.dll.13.dr |
Source: |
Binary string: SNL.Clients.Office.Excel.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: SNL.Clients.Office.Host.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l(wiwfwpgt.pdb|SNL.Clients.Office.Word.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l*txfpcpzj.pdb|SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: atl100.i386.pdb source: F_CENTRAL_atl100_x86.23.dr |
Source: |
Binary string: vstoee.pdb source: vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.23.dr |
Source: |
Binary string: /c5bm5dgu.pdb|SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: SNL.Clients.Office.Shim.pdbv source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586195091.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2583715727.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2584419135.00000000010CF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: .dsomi07c.pdb|SNL.Clients.Office.PowerPoint.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010DB000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: l(itcxszeg.pdb|SNL.Clients.Office.Shim.pdbx? source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2586079679.00000000010AA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: SNL.Clients.Office.Common.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585529102.00000000010C3000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000002.2887542922.00000000010C3000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: "SNL.Clients.Office.Common.Core.pdb source: SPCapIQProOffice-1.0.24095.1.exe, 00000010.00000003.2585201732.00000000010B6000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: SetupResources.pdb source: SetupResources.dll6.18.dr, SetupResources.dll12.25.dr, SetupResources.dll9.18.dr, SetupResources.dll4.25.dr, SetupResources.dll16.18.dr, SetupResources.dll1.25.dr, SetupResources.dll16.25.dr |
Source: |
Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: MSI3B24.tmp.23.dr |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 0_2_00054440 FindFirstFileW,FindClose, |
0_2_00054440 |
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 0_2_00029B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose, |
0_2_00029B43 |
Source: C:\Users\user\Desktop\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 0_2_00013CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, |
0_2_00013CC4 |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_00984440 FindFirstFileW,FindClose, |
1_2_00984440 |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_00959B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose, |
1_2_00959B43 |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_00943CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, |
1_2_00943CC4 |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_6CBED856 FindFirstFileExW,_free, |
1_2_6CBED856 |
Source: C:\Windows\Temp\{73829BDB-07F0-4DD2-B2DF-FEE38C08D320}\.cr\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 1_2_6CC06866 FindFirstFileW,FindClose, |
1_2_6CC06866 |
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 2_2_00694440 FindFirstFileW,FindClose, |
2_2_00694440 |
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 2_2_00669B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose, |
2_2_00669B43 |
Source: C:\Windows\Temp\{2575F37D-4D59-4ADE-9B35-833ABC76F3A4}\.be\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 2_2_00653CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, |
2_2_00653CC4 |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 11_2_001A4440 FindFirstFileW,FindClose, |
11_2_001A4440 |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 11_2_00179B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose, |
11_2_00179B43 |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 11_2_00163CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, |
11_2_00163CC4 |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 13_2_6C16D856 FindFirstFileExW,_free, |
13_2_6C16D856 |
Source: C:\ProgramData\Package Cache\{56aa9754-57aa-4a26-a164-12075d94eb2e}\SPCapIQProOffice-1.0.24095.1.exe |
Code function: 13_2_6C186866 FindFirstFileW,FindClose, |
13_2_6C186866 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://appsyndication.org/2006/appsyn |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digic |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: Setup.exe, 00000016.00000003.2197466109.000000000141B000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000002.2576934358.0000000003240000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://go.m |
Source: Setup.exe, 0000001D.00000003.2482553908.000000000147F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://go.microsoft.co |
Source: Setup.exe, 0000001D.00000003.2482553908.000000000147F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://go.microx |
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2894303109.00000000071C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.dig |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: Setup.exe, 00000016.00000002.2600526077.0000000001416000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.microsoft. |
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp, thm.xml.13.dr |
String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010 |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889695011.0000000003710000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010( |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2892239144.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010g_VST |
Source: SPCapIQProOffice-1.0.24095.1.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000002.2890706092.0000000002B30000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000002.2889517822.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.13.dr |
String found in binary or memory: https://ecs.syr.edu/faculty/fawcett/handouts/Coretechnologies/WindowsProgramming/WinUser.h |
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.capitaliq. |
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.capitaliq.s |
Source: SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935258122.0000000001395000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.capitaliq.spgloba |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.capitaliq.spglobal |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634078534.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000001.00000003.1634159978.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1675920250.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001284000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.capitaliq.spglobal. |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630207902.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000002.2883590175.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000000.00000003.1630373970.00000000006E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.capitaliq.spglobal.c |
Source: SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001284000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001263000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2891582603.0000000003480000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.2027015327.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000003.1676056198.0000000001291000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 00000002.00000002.2884277947.0000000001238000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1928049730.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1927825834.0000000000C33000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1930450152.0000000002E46000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931257225.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1932358478.0000000000C34000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000002.1933865731.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000B.00000003.1931854743.0000000000BFB000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929249126.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000003.1929606614.0000000000846000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2889008138.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000C.00000002.2883587516.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, SPCapIQProOffice-1.0.24095.1.exe, 0000000D.00000003.1935412502.0000000001395000.00000004.00000020.00020000.00000000.sdmp, SPCapIQPro |