plugx | dc5cebf756baf365971ac3ff0655a40d4b57fe115a762c90d0f41897a7bfb609

Analysis

max time kernel
281s
max time network
214s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
27-09-2022 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SPCapIQProOffice-1.0.22211.1.exe
Size

673KB
MD5

43a7f7024eb8795b902b4ba14b600840
SHA1

b7a192a8dc5470e1195d129bb760c971ee2ba202
SHA256

dc5cebf756baf365971ac3ff0655a40d4b57fe115a762c90d0f41897a7bfb609
SHA512

492c88910a0731045df2aa54b6bd0011055533ec437d9c762e21a1c6aaaf7d7e8c8f11f3e6e462a05684e76a58b71aa6c5934cf6e06d40492c06832c1396985a
SSDEEP

12288:/AjuakTOfDlEU4HWDblFlOTPThNp5aNUgrI7QCq8:ou/OfDlEUKWflmTP3parX8

Score

10^/10

plugx redline discovery infostealer persistence trojan

Malware Config

Signatures

Detects PlugX payload 1 IoCs

Processes:

resource	yara_rule
C:\4bf558310b97bded05694853\x64-Windows10.0-KB4486129-x64.cab	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Downloads MZ/PE file

Executes dropped EXE 7 IoCs

Processes:

SPCapIQProOffice-1.0.22211.1.exeSPCapIQProOffice-1.0.22211.1.exendp48-x86-x64-allos-enu.exeSetup.exeSetupUtility.exeSetupUtility.exedismhost.exe

pid	process
3296	SPCapIQProOffice-1.0.22211.1.exe
4280	SPCapIQProOffice-1.0.22211.1.exe
1680	ndp48-x86-x64-allos-enu.exe
2104	Setup.exe
4508	SetupUtility.exe
3144	SetupUtility.exe
3676	dismhost.exe

Loads dropped DLL 21 IoCs

Processes:

SPCapIQProOffice-1.0.22211.1.exeSetup.exedismhost.exe

pid	process
3296	SPCapIQProOffice-1.0.22211.1.exe
3296	SPCapIQProOffice-1.0.22211.1.exe
2104	Setup.exe
2104	Setup.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe
3676	dismhost.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

SPCapIQProOffice-1.0.22211.1.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	SPCapIQProOffice-1.0.22211.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{1f9d8fb6-329b-495a-b21e-651e0f09301f} = "\"C:\\ProgramData\\Package Cache\\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\\SPCapIQProOffice-1.0.22211.1.exe\" /burn.runonce"	SPCapIQProOffice-1.0.22211.1.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

Processes:

dism.exedismhost.exe

description	ioc	process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 9 IoCs

Processes:

SPCapIQProOffice-1.0.22211.1.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\Dependents	SPCapIQProOffice-1.0.22211.1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}	SPCapIQProOffice-1.0.22211.1.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}	SPCapIQProOffice-1.0.22211.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\ = "{1f9d8fb6-329b-495a-b21e-651e0f09301f}"	SPCapIQProOffice-1.0.22211.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\Version = "1.0.22211.1"	SPCapIQProOffice-1.0.22211.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\DisplayName = "S&P Capital IQ Pro Office"	SPCapIQProOffice-1.0.22211.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\Dependents\{1f9d8fb6-329b-495a-b21e-651e0f09301f}	SPCapIQProOffice-1.0.22211.1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{1f9d8fb6-329b-495a-b21e-651e0f09301f}\Dependents	SPCapIQProOffice-1.0.22211.1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\{1F9D8FB6-329B-495A-B21E-651E0F09301F}\DEPENDENTS\{1F9D8FB6-329B-495A-B21E-651E0F09301F}	SPCapIQProOffice-1.0.22211.1.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob = 5900000001000000160000005200530041002f005300480041003200350036000000190000000100000010000000bb048f1838395f6fc3a1f3d2b7e97654140000000100000014000000722d3a02319043b914054ee1eaa7c731d12389340300000001000000140000008f43288ad272f3103b6fb1428485ea3014c0bcfe69000000010000000e000000300c060a2b0601040182373c03020b00000001000000540000004d006900630072006f0073006f0066007400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003100310000000f0000000100000020000000279cd652c4e252bfbe5217ac722205d7729ba409148cfa9e6d9e5b1cb94eaff1040000000100000010000000ce0490d5e56c34a5ae0be98be581185d5c0000000100000004000000001000002000000001000000f1050000308205ed308203d5a00302010202103f8bc8b5fc9fb29643b569d66c42e144300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131303332323232303532385a170d3336303332323232313330345a308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f72697479203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100b28041aa35384d13723268224db8b2f1ffd552bc6cc7f5d24a8c36eed1c25c7e8c8aaeaf13286fc073e33aced025a85a3a6defa8b859ab132368cd0c2987d16f805c8f447f5d90015258ac51c55f2a87dcdcd80a1dc103b97bb056e8a3de6461c29ef8f37cb9ec0db554fe4cb6654f88f09c48990c420b097c315917790678288d893a4c0325be716a5c0be78460a49922e3d2af84a4a7fbd198ed0ca9de9489e10ea0dcc0ce993dea0852bb5679e41f84ba1eb8b4c4495c4f314b87dddd0567269980e07111a3b8a541e2a453b9f73229830c13bf365e04b34b43472f6be2911ed3984fdd4207c8e81d12fc99a96b3e927ec8d6693afc64bdb6099dcafd0c0ba29b77604b0394a4306912d6422dc1414ccadcaafd8f5b83469ad9fcb1d1e3b3c97f487acd24f0418f5c74d0acb010200649b7c72d21c857e3d086f30368fbd0ce71c189994a64016cfdec3091cf413c92c7e5ba861d6184c75f833962aeb4922f47f30bf855eba01f59d0bb749b1ed076e6f2e906d710e8fa64de69c635968802f046b83f27996fcb71892935f7481602358fd5797c4d02cf5feb8a834f457188f9a90d4e72e9c29c07cf491b4e040e63518c5ed800c1552cb6c6e0c2654ec93439f59cb3c47ee8616e135f15c45fd97eed1dceee44eccb2e86b1ec38f670edab5c13c1d90f0dc780b255ed34f7ac9be4c3dae7473ca6b58f31dfc54bafebf10203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414722d3a02319043b914054ee1eaa7c731d1238934301006092b06010401823715010403020100300d06092a864886f70d01010b050003820201007f72cf0fb7c515db9bc049ca265bfe9e13e6d3f0d2db975ff24b3f4db3ae19aeedd797a0acefa93aa3c241b0e5b8919e13812403e609fd3f574039212456d1102f4b40a936864bb453579afbf17e898f11fe186c51aae8ed0995b5e571c9a1e98775a6157fc97e37545e7493c5c367cc0d4f6ba8170c6d08927e8bdd81aa2d7021c33d0614bbbf245ea784d73f0f2122bd4b0006db971cd85ed4c50b5c876e50a4e8c338a4fbcb2cc592669b855ecb7a6c937c8029585b57b54069ba0879a66462159d879645b5662320038b1c73a0d3a27933e0505986db2fe50225ea732a9f0014c836c7923be94e00ecd85609b9334912d2540b01abac47b691297d4cb475805201e8ca82f69fccac9c8f17ea2f26b0ab72ac0bfe9e511ec74355674f51b357d6b6ecee52b73ae94ee1d78188bc4f8e75bb4ba8f035aa26d4676749b2704c3b93dc1ddf78908672b238a4d1dc924dc958eb2b125cd43bae8c6bb083e5013ff80932f693353422afdd370d7709802bcd4800f18c9919470501e9d1bfd14ed0e628433799a40a4a08d99a7173d2aacd31136376a1376f92381e7d123c6632e7cb6de1fc5289ddcad666059a9661bea228c71ca3a736503c3aa4df4a6ee6873bceebf0e081379d133c528ebdb91d34c61dd50a6a3d9829708c892ad1ab8210481fdcf4efa5c5bb551a3863844eb76cad9554ec6522104917b8c01ec70fac5447	Setup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Setup.exe

pid process

2104 Setup.exe
2104 Setup.exe
2104 Setup.exe
2104 Setup.exe

pid	process
2104	Setup.exe
2104	Setup.exe
2104	Setup.exe
2104	Setup.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

vssvc.exesrtasks.exedism.exeSetup.exe

description	pid	process
Token: SeBackupPrivilege	1888	vssvc.exe
Token: SeRestorePrivilege	1888	vssvc.exe
Token: SeAuditPrivilege	1888	vssvc.exe
Token: SeBackupPrivilege	4732	srtasks.exe
Token: SeRestorePrivilege	4732	srtasks.exe
Token: SeSecurityPrivilege	4732	srtasks.exe
Token: SeTakeOwnershipPrivilege	4732	srtasks.exe
Token: SeBackupPrivilege	4732	srtasks.exe
Token: SeRestorePrivilege	4732	srtasks.exe
Token: SeSecurityPrivilege	4732	srtasks.exe
Token: SeTakeOwnershipPrivilege	4732	srtasks.exe
Token: SeBackupPrivilege	4864	dism.exe
Token: SeRestorePrivilege	4864	dism.exe
Token: SeRestorePrivilege	2104	Setup.exe
Token: SeBackupPrivilege	2104	Setup.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

SPCapIQProOffice-1.0.22211.1.exe

pid process

3296 SPCapIQProOffice-1.0.22211.1.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

SPCapIQProOffice-1.0.22211.1.exeSPCapIQProOffice-1.0.22211.1.exeSPCapIQProOffice-1.0.22211.1.exendp48-x86-x64-allos-enu.exeSetup.exedism.exe

description	pid	process	target process
PID 2656 wrote to memory of 3296	2656	SPCapIQProOffice-1.0.22211.1.exe	SPCapIQProOffice-1.0.22211.1.exe
PID 2656 wrote to memory of 3296	2656	SPCapIQProOffice-1.0.22211.1.exe	SPCapIQProOffice-1.0.22211.1.exe
PID 2656 wrote to memory of 3296	2656	SPCapIQProOffice-1.0.22211.1.exe	SPCapIQProOffice-1.0.22211.1.exe
PID 3296 wrote to memory of 4280	3296	SPCapIQProOffice-1.0.22211.1.exe	SPCapIQProOffice-1.0.22211.1.exe
PID 3296 wrote to memory of 4280	3296	SPCapIQProOffice-1.0.22211.1.exe	SPCapIQProOffice-1.0.22211.1.exe
PID 3296 wrote to memory of 4280	3296	SPCapIQProOffice-1.0.22211.1.exe	SPCapIQProOffice-1.0.22211.1.exe
PID 4280 wrote to memory of 1680	4280	SPCapIQProOffice-1.0.22211.1.exe	ndp48-x86-x64-allos-enu.exe
PID 4280 wrote to memory of 1680	4280	SPCapIQProOffice-1.0.22211.1.exe	ndp48-x86-x64-allos-enu.exe
PID 4280 wrote to memory of 1680	4280	SPCapIQProOffice-1.0.22211.1.exe	ndp48-x86-x64-allos-enu.exe
PID 1680 wrote to memory of 2104	1680	ndp48-x86-x64-allos-enu.exe	Setup.exe
PID 1680 wrote to memory of 2104	1680	ndp48-x86-x64-allos-enu.exe	Setup.exe
PID 1680 wrote to memory of 2104	1680	ndp48-x86-x64-allos-enu.exe	Setup.exe
PID 2104 wrote to memory of 4508	2104	Setup.exe	SetupUtility.exe
PID 2104 wrote to memory of 4508	2104	Setup.exe	SetupUtility.exe
PID 2104 wrote to memory of 4508	2104	Setup.exe	SetupUtility.exe
PID 2104 wrote to memory of 3144	2104	Setup.exe	SetupUtility.exe
PID 2104 wrote to memory of 3144	2104	Setup.exe	SetupUtility.exe
PID 2104 wrote to memory of 3144	2104	Setup.exe	SetupUtility.exe
PID 2104 wrote to memory of 4864	2104	Setup.exe	dism.exe
PID 2104 wrote to memory of 4864	2104	Setup.exe	dism.exe
PID 4864 wrote to memory of 3676	4864	dism.exe	dismhost.exe
PID 4864 wrote to memory of 3676	4864	dism.exe	dismhost.exe

C:\Users\Admin\AppData\Local\Temp\SPCapIQProOffice-1.0.22211.1.exe
"C:\Users\Admin\AppData\Local\Temp\SPCapIQProOffice-1.0.22211.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656

C:\Windows\Temp\{5755D1AA-6DB6-422F-8025-BD2E570B9C74}\.cr\SPCapIQProOffice-1.0.22211.1.exe
"C:\Windows\Temp\{5755D1AA-6DB6-422F-8025-BD2E570B9C74}\.cr\SPCapIQProOffice-1.0.22211.1.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\SPCapIQProOffice-1.0.22211.1.exe" -burn.filehandle.attached=544 -burn.filehandle.self=508
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3296

C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\.be\SPCapIQProOffice-1.0.22211.1.exe
"C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\.be\SPCapIQProOffice-1.0.22211.1.exe" -q -burn.elevated BurnPipe.{8B95B0B2-1283-4445-9429-28BA84640D6B} {D1DBDB0E-D107-469E-A37D-01FA7D267D39} 3296
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4280

C:\ProgramData\Package Cache\E322E2E0FB4C86172C38A97DC6C71982134F0570\ndp48-x86-x64-allos-enu.exe
"C:\ProgramData\Package Cache\E322E2E0FB4C86172C38A97DC6C71982134F0570\ndp48-x86-x64-allos-enu.exe" /i /q /norestart /ChainingPackage "S&P Capital IQ Pro Office" /log "C:\Users\Admin\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20220927160910_000_NetFx48.log.html"
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1680

C:\4bf558310b97bded05694853\Setup.exe
C:\4bf558310b97bded05694853\\Setup.exe /i /q /norestart /ChainingPackage "S&P Capital IQ Pro Office" /log "C:\Users\Admin\AppData\Local\Temp\S&P_Capital_IQ_Pro_Office_20220927160910_000_NetFx48.log.html" /x86 /x64 /redist
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2104

C:\4bf558310b97bded05694853\SetupUtility.exe
SetupUtility.exe /aupause
6⤵
- Executes dropped EXE
PID:4508

C:\4bf558310b97bded05694853\SetupUtility.exe
SetupUtility.exe /screboot
6⤵
- Executes dropped EXE
PID:3144

C:\Windows\System32\dism.exe
dism.exe /quiet /norestart /online /add-package /packagepath:"C:\4bf558310b97bded05694853\x64-Windows10.0-KB4486129-x64.cab"
6⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4864

C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\dismhost.exe {D8998231-B08A-4680-994E-1B6E8391F0C5}
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:3676

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4804

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4732

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\4bf558310b97bded05694853\1025\LocalizedData.xml
Filesize
80KB

MD5
d8165beb3b8433921d0d5611b85bfa35

SHA1
bef57e3511e18170ebbc9ae3aefd73ce3f50f8f4

SHA256
b092668e0825f7f498acdc1bf10e1d2cb6ca99497389142cf9af815f25a4b712

SHA512
9fa221f549b4e660c4f40c7ab0e483e3d9a9204248da51675058f32f4f56667c782667295decbb441a581f582a099fe34c6cc569d0c4ec13e85c680abf5870b0

Download Submit
C:\4bf558310b97bded05694853\1028\LocalizedData.xml
Filesize
69KB

MD5
f3a4fd6968658a18882cf300553f2f89

SHA1
b75ccaeff41bf9c8586bca612550cb9dca6b09ea

SHA256
53742293b25149b19d8677b15f6424fc71e308014b1bcf883e6949d1dab3961c

SHA512
9692c8577034c0e628a42d581f634ed174b4af684ee87c947556888027215bbf4c92286a3ad1cb1792fc6f7392190719ebef85b60fce48e20239abcb58d04d97

Download Submit
C:\4bf558310b97bded05694853\1029\LocalizedData.xml
Filesize
85KB

MD5
d6801174849373cde3f1d214d80fe834

SHA1
50caf47aa60b999ca7b43d3ceb75d0dbffd2278a

SHA256
cbb0da2d1efa7de6736e67c978848d53acf8b502bf3daf43ce40b05076145a7c

SHA512
a4cf812dc4fac888dad4ca986fcb07b93f45633fe5931f24afff4558d9a29734a0ac5d647f3bc631c377fba816c19bd44178398bb6166f6f84e5f05acb8e0a18

Download Submit
C:\4bf558310b97bded05694853\1030\LocalizedData.xml
Filesize
83KB

MD5
03b1e582ec5454b2fa3599e788569dfa

SHA1
75845acdd04fb17011218b06fd7c28830641f021

SHA256
59884541554376a26143b105fa924b9f9961254d22db8dedf7de7f3495d7a1dd

SHA512
23d1b1c2e2c78692a48b959bdb70c3c321a76792885b19805cafd543c0ef25856f8f115af766ea46f20eb2c440eaf31e656726710b12ae5f362779bea28035bc

Download Submit
C:\4bf558310b97bded05694853\1031\LocalizedData.xml
Filesize
88KB

MD5
afb4b1d7103ddca43ea723acbcdd31fd

SHA1
c4d95dfd4869df636091e979c8b3bd7684004a48

SHA256
961efe11e9e3e553269cb14dc1b942e9ac68b86740d59aa35e4ff6e5913532dd

SHA512
bde563d158e38f7a46abe564e365bbc9cfa235f4735f668a532919f0575bead27bdd6fa11ac50802c989f2f69371c2e9179c9affbc85954a9b4050f9122e26a5

Download Submit
C:\4bf558310b97bded05694853\1032\LocalizedData.xml
Filesize
90KB

MD5
71bdb323a746a4adab9ce42498e937bc

SHA1
8e58d4ba5623a50610bd99e82df135708a9f130e

SHA256
6c5a6e11a85c9e172e7748a9a9f19f8598870a63a103a7ac18cbbd0cdf026475

SHA512
b7d66fa4f1a1b7130cdd801447fe0c4965cba1618c01d4ff64b9707e3e132fb13858aa498ea26fb1e54b56daf83e5e7958c6a4fcc1a4ad6dd6c2ffa966e58b76

Download Submit
C:\4bf558310b97bded05694853\1033\LocalizedData.xml
Filesize
83KB

MD5
47703bed025228689a1032edae56b4c4

SHA1
a2aba33c7e8915025251574c81fe2e5ac6bc0893

SHA256
05fc9352b918a710d51f68873fc522528265455b77014e8b0cd66c5e7aa71dc3

SHA512
9d6eda9fc3be6116371d1b86b54b8b65ccd58c182105e0954870f75e2a6f4d7e8fc84462bfd3584175c0f849066e47d82cd18ae3bf1671e60cc237347b7cc00d

Download Submit
C:\4bf558310b97bded05694853\1035\LocalizedData.xml
Filesize
84KB

MD5
ad67691b3b5474154f65400e53ddfef2

SHA1
dc8dc683bf9fee12a5ab7297789a5c087e98facc

SHA256
1e828840ae8728ac809624845597406d4025d6da7797b38f02946a30a48bfe7c

SHA512
64ee113f0c3e173fee6047cc41ff3e84181aba2eb2b02ca5cc717caaf1392e5e2f0eed7e7c469d821d86878443bc8ec64c66e2afb1d850fb4c7e9823c3a5ea73

Download Submit
C:\4bf558310b97bded05694853\1036\LocalizedData.xml
Filesize
87KB

MD5
2c77cbaaf9c3ed0c4410c4b8c3c29c30

SHA1
110775ca1c6e252b4e8c8bf39b593dfb4d66206c

SHA256
ab3d5571b57b7bb705bffe13f37bd73894b0d12d09cc1fb1b438493a863c324c

SHA512
c1438b9b95bd16503f5a14d743e9c6c40cb46cd24a4bb48adf6f9162c61e8979c370e7e1eff8989db05ff5a496415a68b58cc16912a7c8215fecb72d252c5285

Download Submit
C:\4bf558310b97bded05694853\1037\LocalizedData.xml
Filesize
78KB

MD5
631011d665ad08220fe248d9f8a103ba

SHA1
652c56998d0e8bf0c43f136fd90c69728bb0e111

SHA256
e9877973bef23498b586a9cf03230fc45a9ea8a3f75decfa062b03bd31974b06

SHA512
cf479c0c5167e011721bd6b0f5829a62c0c269b1e1be13e5bb750516b8441a1d8ca20fafd0d539066f84d669f6f5e9401c223b82e200501716c719d268c3c1a0

Download Submit
C:\4bf558310b97bded05694853\1038\LocalizedData.xml
Filesize
86KB

MD5
28e8a2833f3d5302a1f5c2a84fa8990a

SHA1
08977251eb62c6df447c6754b2ec27a73d9071f1

SHA256
e4261c9b8c779d58883820a531a19594d238f0ca9ecac399505c569b0cccdbc7

SHA512
4a62afe84d4eb03bf2c65826b5765f270b3c9a3403b972bb00db66cb40b70d1809334fc3a8edf012c1ea31e4e3b8c6fed6423e9da14dd62ad76a12d525e515b9

Download Submit
C:\4bf558310b97bded05694853\1040\LocalizedData.xml
Filesize
85KB

MD5
e74a35a00e0228de37ee911f93411ed2

SHA1
c1c0901eb552c21ce2817b7edb94af611b571a49

SHA256
2ec36fb871853f60085bc972e08156483384f8c1d6e000f5db1cc8cccad05f8c

SHA512
8876e39093448d1ae5a1f53499272323747789fbaefdf9bd852fee161fa9c18ce0721164473a5a2279643b34a2727d870e0b802635288f2e32b15c40660ad06f

Download Submit
C:\4bf558310b97bded05694853\1041\LocalizedData.xml
Filesize
75KB

MD5
32e4d6f895a69bb2c373ff4c688d6b27

SHA1
57738235363c5f1a1c5651c65832396e3aef4414

SHA256
ae28910c1ef16ce70a5e97c5d02390ad8d64f80966e2be3c4a56db0c4038442d

SHA512
5052e8a218cf71b0e08de33665a58f9219282e00f2e4f6c19897a07863556a2408dc273ad3cc9257d98d6a57765321e0f1b051bed051f188947deda9d32dbdbe

Download Submit
C:\4bf558310b97bded05694853\1042\LocalizedData.xml
Filesize
73KB

MD5
47f8082069c52d2f7db1fc6aac2886df

SHA1
4b5c371e9006c10685f2c59ca9a7ebfb4a597a0a

SHA256
e86656ef2092c0e6caf5b8b0bca2d6ce5def273609c22187ae91236605d2e273

SHA512
7bdaf721e561c46609054f6786624149fd824abb1e3126b2a6b6385b56c6fe11414af216fca3ee2b1fe6a4b42ca8a19f46186ab1d4e70fb81b6f9af013c40018

Download Submit
C:\4bf558310b97bded05694853\1043\LocalizedData.xml
Filesize
85KB

MD5
e939717e7eaf1b7f53c4b752e62a22e7

SHA1
ca5a66c452ec6ca8bc04de95eac1616cf3980992

SHA256
8afdf3d2c0fd2370889e3fd96bc2742831cdc6041af0a407123c27f8d76d68a6

SHA512
ebfa725b8efc4448d669beea6f56eab9a317793ff1e21cbc51e015a1a31dfb8b1408e9df15023b878aca220465dbede09254f9a524ef7f6060877844994e17aa

Download Submit
C:\4bf558310b97bded05694853\1044\LocalizedData.xml
Filesize
84KB

MD5
b0d9e4dac3935bb596bb83b7d8474f8f

SHA1
29ce971b1a3ccf6f09eced6bff8e778df13f3d35

SHA256
3c309a5509d42e6485e9123bc6af5ec43cf2faa8afead5062676e85ab7f96add

SHA512
af4e4032a3b4a1696a3f252c03c8f5364089320e4181ebccd39d569d7577b11b70b4ae694d4a74e09bb61505664a01733dccb2d80aed64cb7142225dddd997e2

Download Submit
C:\4bf558310b97bded05694853\1045\LocalizedData.xml
Filesize
87KB

MD5
c3a238ffbf2dbb9f758e5c5b33948971

SHA1
56ceb241f3780dc4a9814332f44369188ded3e77

SHA256
2f0beba8a56cccaddfe6e0ecc3130d0efafb7f84cc0fa4e8db9d85c840e24241

SHA512
2def165951b958195a339f8b4a38aba310c428fbf89f0d7e708d44255f3cf59953550f8e4772626aa125e4a2cb3328601b5ca097f5e355423f4d5094cb8155ea

Download Submit
C:\4bf558310b97bded05694853\1046\LocalizedData.xml
Filesize
84KB

MD5
4a892aa3fedbfe5991b6ff46c00af55c

SHA1
421fe8f80432c56d022ff2911c4a5708093184c3

SHA256
aadbd1df74fc82a43f86f1f40d5065a802b2db71652525a78d258fda3197a743

SHA512
9391096ad6c721b50a300f3c8285291086c0f302f77a7edee7283ec8eb7432171edde5998d5c76587c6431eb3c7e5cba176d0c31f6963acd8d954ea9c6a6e619

Download Submit
C:\4bf558310b97bded05694853\1049\LocalizedData.xml
Filesize
86KB

MD5
d46f34e95e94fbfa4cb4a8dcc7ba3211

SHA1
3e2150c9dd44c4b3416051534ccf84968f2737cd

SHA256
a787b2f493c3248991877f61e210bb0231d357d06aa2671917d2ad4e528c9f67

SHA512
c740f7eba5187699b39265ba2238121a20d935d1320c0e344b767d537618cc2954bb7a6bacae12e7121cd1b4bca1ceb84e11bb80a347e7c2c79e87eb899adb7a

Download Submit
C:\4bf558310b97bded05694853\1053\LocalizedData.xml
Filesize
83KB

MD5
cb2e2edf7d7fefde9b3894923407f8c0

SHA1
541ec570f26bb30f4be35f1a87d4ccf6bc660f67

SHA256
874e5d7e45603ad70ca353e8dc6bf42944594f911d17c79be8966dc01d27eb73

SHA512
045fadda432280ec961da53b914adc9d9a31d02140282b3b37e89f01723d64b5659e3c1a61e9344f4440813efb8b932cf45f859b97cfbdc158c0802d70c5ecda

Download Submit
C:\4bf558310b97bded05694853\1055\LocalizedData.xml
Filesize
83KB

MD5
f020b0e38f1295924f1833e77859fc9a

SHA1
17467f2ebb8cbca89119d30b3ba7ae30691921e1

SHA256
8ce790eca06bae1b01f40f732580adea86d4c22b28d1e701e033c6c9983500c2

SHA512
bf01aea04827a46cb60cacf97993b319643e90aca82e1abc2c6750f01de0d638fc1b73931fe80e5441128eba70f364c1000b4ccd053b2e241c0a3916b75d670a

Download Submit
C:\4bf558310b97bded05694853\2052\LocalizedData.xml
Filesize
69KB

MD5
6cc370b95c9f3e3d28315759b496e977

SHA1
09e4aad0a389f0f876d21e132123dbbd83dc1314

SHA256
93e519e8cc173a3f1aa8dd8113ad4a1be0b5b8d40e1d0a1563dba2054b50433a

SHA512
3b2f19f97cb07f5c845d85cee1a0932c19ddd0efc0433e4b6f092e0e7782e9454c6ff43eb54a943e1e85764ca2ce8ff36a239ac319b09fd8042669d24af27f91

Download Submit
C:\4bf558310b97bded05694853\2070\LocalizedData.xml
Filesize
86KB

MD5
5b73409a0f1cbb707cd62a7956bc2f92

SHA1
1ce52fd3746c5bee7a3c3ef5aa8958e44b8761e3

SHA256
193090f4472f1a1c5ed10ab97fa4bf77bd4ff3f172f380ef4a53fef39989159a

SHA512
ecc775f665b7f0a192d04bd372542e3fadf89b47e4cc5373d2597b9df321b386e89f6fa695c0871fd56691be126e16443af91a7da34de018ceb47f90aa30e3f7

Download Submit
C:\4bf558310b97bded05694853\3082\LocalizedData.xml
Filesize
85KB

MD5
e2fc9d2a4fc56b64e3981dd7e0b076d5

SHA1
1660468ac360a0a52f1a84887a9bb9c6ca3c9d8d

SHA256
9e224a5f7a5c83df1ab31743520a05252c3cdcc9e97526264da716166d2b29f9

SHA512
ca9098a09a7450d02bda76f1d64480f27679610441e3df0858b231de4599f53ddf245b69d181d3fdd37ee846eb085dda0ec85cf1825ec2c7f0eaeea8423fefd3

Download Submit
C:\4bf558310b97bded05694853\DHTMLHeader.html
Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\4bf558310b97bded05694853\ParameterInfo.xml
Filesize
2.7MB

MD5
1d9839d2aa01c91005752000749cf5cf

SHA1
540698e77846d1316c2c15ac858a31bd083ac037

SHA256
3dbf5ef577ea2d96461dcfd31d5be2f3066519a154a5000691e9596ff438d3e7

SHA512
1fc8c30eb287d7048b36bd7133c7665672efef2e674357b55b8d62ea85214e43dfe2ce73b9bc060de91ab8e738949db58b0aea9274c6b86ad141f0fa45f43ede

Download Submit
C:\4bf558310b97bded05694853\Setup.exe
Filesize
119KB

MD5
057ce4fb9c8e829af369afbc5c4dfd41

SHA1
094f9d5f107939250f03253cf6bb3a93ae5b2a10

SHA256
60dd7d10b3f88f1b17e39464bb2d7ca77c9267b846d90cf5728a518a117bd21b

SHA512
cae4df73a5b28863c14a5207fbbe4e0630e71215aa1271fe61117523cc32b8b82cd1ba63f698907fbfeb36d4007bb0f463828025957505cfcbb200f4ed5d3a52

Download Submit
C:\4bf558310b97bded05694853\Setup.exe
Filesize
119KB

MD5
057ce4fb9c8e829af369afbc5c4dfd41

SHA1
094f9d5f107939250f03253cf6bb3a93ae5b2a10

SHA256
60dd7d10b3f88f1b17e39464bb2d7ca77c9267b846d90cf5728a518a117bd21b

SHA512
cae4df73a5b28863c14a5207fbbe4e0630e71215aa1271fe61117523cc32b8b82cd1ba63f698907fbfeb36d4007bb0f463828025957505cfcbb200f4ed5d3a52

Download Submit
C:\4bf558310b97bded05694853\SetupEngine.dll
Filesize
893KB

MD5
f9618535477ddfef9fe8b531a44be1a3

SHA1
c137a4c7994032a6410ef0a7e6f0f3c5acb68e03

SHA256
236bf2b5cf6014b8ee22484afe172ace512cc99dba85080b082d47e9e189ea5c

SHA512
b85ae1a9cc334e9352c51aa94b2c74c6c067957e0e6021f7309a1c194fc64c0c50bb5efeaef7030e8689d75a22798f74cf719366a2fdcce26e23692510bfe064

Download Submit
C:\4bf558310b97bded05694853\SetupUtility.exe
Filesize
304KB

MD5
2a20ff4988db90ae0632d898916950ca

SHA1
f822b12f4efb31a99ec4df9a4d9c9806c55648fa

SHA256
289e23983692bdbd58ab0cb3b1668b5158d90a9937721185a75247a44d0c3243

SHA512
02003b403ec2375b9ee004978d522c91666f4aa642288ead9963ff0e5701d2ab8efa9b3854f13dca8d85cf7b6b2890b000148a24d3565c9e4399b27936b691b0

Download Submit
C:\4bf558310b97bded05694853\SetupUtility.exe
Filesize
304KB

MD5
2a20ff4988db90ae0632d898916950ca

SHA1
f822b12f4efb31a99ec4df9a4d9c9806c55648fa

SHA256
289e23983692bdbd58ab0cb3b1668b5158d90a9937721185a75247a44d0c3243

SHA512
02003b403ec2375b9ee004978d522c91666f4aa642288ead9963ff0e5701d2ab8efa9b3854f13dca8d85cf7b6b2890b000148a24d3565c9e4399b27936b691b0

Download Submit
C:\4bf558310b97bded05694853\SetupUtility.exe
Filesize
304KB

MD5
2a20ff4988db90ae0632d898916950ca

SHA1
f822b12f4efb31a99ec4df9a4d9c9806c55648fa

SHA256
289e23983692bdbd58ab0cb3b1668b5158d90a9937721185a75247a44d0c3243

SHA512
02003b403ec2375b9ee004978d522c91666f4aa642288ead9963ff0e5701d2ab8efa9b3854f13dca8d85cf7b6b2890b000148a24d3565c9e4399b27936b691b0

Download Submit
C:\4bf558310b97bded05694853\UiInfo.xml
Filesize
63KB

MD5
c99059acb88a8b651d7ab25e4047a52d

SHA1
45114125699fa472d54bc4c45c881667c117e5d4

SHA256
b879f9bc5b79349fa7b0bdbe63167be399c5278454c96773885bd70fbfe7c81d

SHA512
b23a7051f94d72d5a1a0914107e5c2be46c0ddee7ca510167065b55e2d1cb25f81927467370700b1cc7449348d152e9562566de501f3ea5673a2072248572e3b

Download Submit
C:\4bf558310b97bded05694853\sqmapi.dll
Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
C:\4bf558310b97bded05694853\x64-Windows10.0-KB4486129-x64.cab
Filesize
423.8MB

MD5
d710e4e27cf3b0e93a32c141113882d2

SHA1
9f52728ce2d9f53d379947e3d5a6318c1fac0394

SHA256
6f2c40730b96864b997acb177397d7882600553b1a5dfb583cae8126aad85d64

SHA512
2422b4848a1ef905aba960da0fb8f45f8fd96f0c7a03ccdd7b59048952d977288513befb1420541dbbe32257a7233de7b09e9c60cb6f2bd45541c76cc4c6e265

Download Submit
C:\ProgramData\Package Cache\E322E2E0FB4C86172C38A97DC6C71982134F0570\ndp48-x86-x64-allos-enu.exe
Filesize
115.7MB

MD5
7d2b599470e34481138444866b7e4ea6

SHA1
e322e2e0fb4c86172c38a97dc6c71982134f0570

SHA256
68c9986a8dcc0214d909aa1f31bee9fb5461bb839edca996a75b08ddffc1483f

SHA512
ffb6c226af4e5c8ffa7210d5115701883abf12a8b1cbae6e08122fb94dd93763468bff5b00060eabef19c147b0a4d8063dde318d2b928ce397c58f7949736c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\CbsProvider.dll
Filesize
837KB

MD5
299b6b11642c3ad2b17181b35e9dadc3

SHA1
1b1dbccd60304ba0be631db3a190ec59ecc84746

SHA256
45eec38b42144bf80e46ad7356cff12849aa11af45e73174e2101132716d79bd

SHA512
2943af89e024c94808a2428ed5923dead1c44748742acf20b66ff52ba6ed8375c4b7938eb5f79ca42701df07a9b5ba73ae2b18b848adff3aecd5bd3a52b6261a

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\DismCorePS.dll
Filesize
160KB

MD5
4e43afafe9483d72a5838cdb8ea8d345

SHA1
779d8c234343da4ca7fbdb16b5861eecb025f6e3

SHA256
80e83929245c4377ecc73b7596ebf885d8e919b69ef975701a082d2b5cf2150e

SHA512
22267fe42128333940b9574fc5f5a70f0411280bd4e294bb456f987eb30c5ec1be12f4e5ce44e7007d793a3924032315782eaea96ab18da832ce56c1f0a3fe3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\DismHost.exe
Filesize
140KB

MD5
9ad8d8d2c6126cf9f65f4ba4cd24bcd9

SHA1
505e851852228545903c2423afa81039e0bd9447

SHA256
3687d79e43b9c3aa9ff31dbaafdd2f4674ce0937c7fe34813f43531f32e7aded

SHA512
e38d6af47c7443119fb73fcd6bcb23dd6b96bce19c4a98802af96fd6751e12a8add8c48cc0062ffe315aa7a5ffa6c38787c4f2051a8f6b97ac0dc86b3f8d279e

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\LogProvider.dll
Filesize
139KB

MD5
76dccc4bec94a870cb544ea0ac90d574

SHA1
0e500d42b98d340aadd3e886b0c4abefa8b92bc5

SHA256
53637290e64e395a0f07d7423096ccf341ccdf1dcb6e821f4e99d47197ea849e

SHA512
ef01adbf1dfb3856d5a84512556f38af291c0938c1267c8d627e1205385f7be56b0a7e2127f18818f987b53f0a3f910bc930d692be2a8429d03728d086e91a0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\OSProvider.dll
Filesize
126KB

MD5
bb0d5feee5b2f65b28f517d48180ce7b

SHA1
63a3eee12a18bceec86ca94226171ffe13bd2fe3

SHA256
f6c4fd17a47daf4a6d03fc92904d0f9a1e6c68aadf99c2d11202d4d73606dc16

SHA512
d1fc630db506ad7174da9565fd658dc415f95bf9c2c47c21fa8fe41b0dbff9a585244a0b7079dfb31697f14edbc1c021fccff60ffd53b447c910c70de117dc5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\api-ms-win-base-util-l1-1-0.dll
Filesize
10KB

MD5
b8145fcbceb205515aa2ab68b67b6cd2

SHA1
0e360d6f478506895cb421c75507d92087a12ac8

SHA256
325f1ae552036a2d99b4bb72790e81b9b2189a9e11a10533536558852ce36de2

SHA512
ef062d3ae24f972f3c433d4c4eaeee6ff9bea5adfbcf8e5816e488f18845c296e4e784ec6d9a5e6803649e8baf29e9b67d9f98d597d072de9d4585219207311d

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\api-ms-win-core-com-l1-1-0.dll
Filesize
15KB

MD5
b4000191a951302105f0a61efbda6272

SHA1
87b9ed3ac565b8f99ea52c08cfae81fce047261c

SHA256
b6b380bccd43c76d2acbf1a76d99f72c876cf7fe584c29da30f7fe0af7f99ce2

SHA512
3d4bf2821f3d79a37308894a470c68ced8fb9d307c3d5928be7740e5ba8591b3565880475a7f7bfc74c107e647a8a450dcabc99c5b9a763b666006c74b83a8a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\api-ms-win-core-comm-l1-1-0.dll
Filesize
11KB

MD5
22a0fc9eb4ebb04fd291dadbaeb01863

SHA1
4d932352d0e04163298bebcfd2fe829ee0667d33

SHA256
bdf2c64799df36b9588ef4ebc415ea1d717fb771513014d453aa0422988cdde8

SHA512
122bc8991b7d56c070ae0c987a9598773cf167d3d6aa257433e724e3d10d353466ea9ee44cfd125519a410703b65da9580510ad17e44d2f8169d8769c6f5eaf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\dismprov.dll
Filesize
242KB

MD5
2737782245a1d166a1f018b368815a16

SHA1
4fd57e0de191c817a733d07138c43ce9a010d64c

SHA256
498c301c9b5dfc36f1031988cb4a440ab17effd606345abd506a807f277b1938

SHA512
7830d377ae880183a2e51a9d557bf0fa324913df28b12f5d7aca815fb2e8a6b0373d76f36877f28cba4ce8bff32da62309fcdcb8ff3930c5f8a54963b7cfdeff

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt
Filesize
3KB

MD5
a840c9dbe751e510d2c57abfbeac3c52

SHA1
b037c8cf01ab6d0188872860fe393bcece3c8215

SHA256
e90665d28dc210367d3e3dcd5d5b730fe2eb142ae5fcb703a4fa1b82e3678d17

SHA512
43e60a6200ad822450d2c7b98d8214353320f750480808702ee55f2c8cfb70b7290b338e205192ee7d88feff6289ea5608bd6a0e6ca270a1c5d48496482e2772

Download Submit
C:\Windows\Logs\DISM\dism.log
Filesize
193KB

MD5
b21114b2ab3e5fb1dac04c49590868bb

SHA1
09baeafc71e6b5228b34e3104bfb66341179d259

SHA256
81273faaff026ebfa33c5551fa391ee7b98954df6c46e1c3578e2a9d028f0a70

SHA512
578dc05747e83b3146f47deda908a38e97e3ec3f51128196e79b5a255fad74c4ae25986cb09dfadc65a4dd67ecb468a0d5fcbd7b71737d72bb5f9c943857ef2c

Download Submit
C:\Windows\Temp\{5755D1AA-6DB6-422F-8025-BD2E570B9C74}\.cr\SPCapIQProOffice-1.0.22211.1.exe
Filesize
673KB

MD5
43a7f7024eb8795b902b4ba14b600840

SHA1
b7a192a8dc5470e1195d129bb760c971ee2ba202

SHA256
dc5cebf756baf365971ac3ff0655a40d4b57fe115a762c90d0f41897a7bfb609

SHA512
492c88910a0731045df2aa54b6bd0011055533ec437d9c762e21a1c6aaaf7d7e8c8f11f3e6e462a05684e76a58b71aa6c5934cf6e06d40492c06832c1396985a

Download Submit
C:\Windows\Temp\{5755D1AA-6DB6-422F-8025-BD2E570B9C74}\.cr\SPCapIQProOffice-1.0.22211.1.exe
Filesize
673KB

MD5
43a7f7024eb8795b902b4ba14b600840

SHA1
b7a192a8dc5470e1195d129bb760c971ee2ba202

SHA256
dc5cebf756baf365971ac3ff0655a40d4b57fe115a762c90d0f41897a7bfb609

SHA512
492c88910a0731045df2aa54b6bd0011055533ec437d9c762e21a1c6aaaf7d7e8c8f11f3e6e462a05684e76a58b71aa6c5934cf6e06d40492c06832c1396985a

Download Submit
C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\.be\SPCapIQProOffice-1.0.22211.1.exe
Filesize
673KB

MD5
43a7f7024eb8795b902b4ba14b600840

SHA1
b7a192a8dc5470e1195d129bb760c971ee2ba202

SHA256
dc5cebf756baf365971ac3ff0655a40d4b57fe115a762c90d0f41897a7bfb609

SHA512
492c88910a0731045df2aa54b6bd0011055533ec437d9c762e21a1c6aaaf7d7e8c8f11f3e6e462a05684e76a58b71aa6c5934cf6e06d40492c06832c1396985a

Download Submit
C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\.be\SPCapIQProOffice-1.0.22211.1.exe
Filesize
673KB

MD5
43a7f7024eb8795b902b4ba14b600840

SHA1
b7a192a8dc5470e1195d129bb760c971ee2ba202

SHA256
dc5cebf756baf365971ac3ff0655a40d4b57fe115a762c90d0f41897a7bfb609

SHA512
492c88910a0731045df2aa54b6bd0011055533ec437d9c762e21a1c6aaaf7d7e8c8f11f3e6e462a05684e76a58b71aa6c5934cf6e06d40492c06832c1396985a

Download Submit
C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\NetFx48
Filesize
115.7MB

MD5
7d2b599470e34481138444866b7e4ea6

SHA1
e322e2e0fb4c86172c38a97dc6c71982134f0570

SHA256
68c9986a8dcc0214d909aa1f31bee9fb5461bb839edca996a75b08ddffc1483f

SHA512
ffb6c226af4e5c8ffa7210d5115701883abf12a8b1cbae6e08122fb94dd93763468bff5b00060eabef19c147b0a4d8063dde318d2b928ce397c58f7949736c5f

Download Submit
C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\PluginManager_1.0.22211.1.msi
Filesize
4.2MB

MD5
b5ac6d25c9d30a3d74f78a030349dcde

SHA1
99f2eb8c69666b7fdeb42167dea2fbd0009eb3f9

SHA256
549ed04aab3b6ff3f82c1d7d687f691ac73ca1238319a8133e73d5faeb36e27c

SHA512
c43935572eb0225464758d7b961e58a627f93605e749fbf86a7798be4ea2ff2f8d3bf2bf473ba37a99cca44c9c25859828ecd47a44f99eb2fca0e4a9a5a66829

Download Submit
C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\SPCapIQProOffice_x64_1.0.22211.1.msi
Filesize
126.9MB

MD5
3a0660f6d3313073c56d600a6e363ccd

SHA1
8937f2d98e85697e72ac01c04608b2710d163346

SHA256
fb033b94f7a332bdaba45128baef27b632994fbc61221de5ad87de0e983c7037

SHA512
3dae919b894b50bc0a41c8d5b03ab224d839692376961ddf842d2da3ed89993fb1ec0f7e250f23760d524fd2d2f38b47a451fe41f50b6b0f9656d4c6870a0bef

Download Submit
C:\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\VSTOR
Filesize
38.4MB

MD5
72f6a267de1fa813073ded67d952fd40

SHA1
56704865939c2388913d05724632d7b3b67d3cd9

SHA256
729e347df0d99c3d40ed2ac5026f2d629fa001b4c13be57b56e96591ec0116bc

SHA512
c0389abe583f4d86b0e8bb518684095af08de595e7dfab440180786def223dea78e98c809ffcef6b6457c9f07eefb735fc595192c7c37dfd31b2f67d4e9cf33f

Download Submit
\4bf558310b97bded05694853\SetupEngine.dll
Filesize
893KB

MD5
f9618535477ddfef9fe8b531a44be1a3

SHA1
c137a4c7994032a6410ef0a7e6f0f3c5acb68e03

SHA256
236bf2b5cf6014b8ee22484afe172ace512cc99dba85080b082d47e9e189ea5c

SHA512
b85ae1a9cc334e9352c51aa94b2c74c6c067957e0e6021f7309a1c194fc64c0c50bb5efeaef7030e8689d75a22798f74cf719366a2fdcce26e23692510bfe064

Download Submit
\4bf558310b97bded05694853\sqmapi.dll
Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\CbsProvider.dll
Filesize
837KB

MD5
299b6b11642c3ad2b17181b35e9dadc3

SHA1
1b1dbccd60304ba0be631db3a190ec59ecc84746

SHA256
45eec38b42144bf80e46ad7356cff12849aa11af45e73174e2101132716d79bd

SHA512
2943af89e024c94808a2428ed5923dead1c44748742acf20b66ff52ba6ed8375c4b7938eb5f79ca42701df07a9b5ba73ae2b18b848adff3aecd5bd3a52b6261a

Download Submit
\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\DismCorePS.dll
Filesize
160KB

MD5
4e43afafe9483d72a5838cdb8ea8d345

SHA1
779d8c234343da4ca7fbdb16b5861eecb025f6e3

SHA256
80e83929245c4377ecc73b7596ebf885d8e919b69ef975701a082d2b5cf2150e

SHA512
22267fe42128333940b9574fc5f5a70f0411280bd4e294bb456f987eb30c5ec1be12f4e5ce44e7007d793a3924032315782eaea96ab18da832ce56c1f0a3fe3d

Download Submit
\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\DismProv.dll
Filesize
242KB

MD5
2737782245a1d166a1f018b368815a16

SHA1
4fd57e0de191c817a733d07138c43ce9a010d64c

SHA256
498c301c9b5dfc36f1031988cb4a440ab17effd606345abd506a807f277b1938

SHA512
7830d377ae880183a2e51a9d557bf0fa324913df28b12f5d7aca815fb2e8a6b0373d76f36877f28cba4ce8bff32da62309fcdcb8ff3930c5f8a54963b7cfdeff

Download Submit
\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\LogProvider.dll
Filesize
139KB

MD5
76dccc4bec94a870cb544ea0ac90d574

SHA1
0e500d42b98d340aadd3e886b0c4abefa8b92bc5

SHA256
53637290e64e395a0f07d7423096ccf341ccdf1dcb6e821f4e99d47197ea849e

SHA512
ef01adbf1dfb3856d5a84512556f38af291c0938c1267c8d627e1205385f7be56b0a7e2127f18818f987b53f0a3f910bc930d692be2a8429d03728d086e91a0b

Download Submit
\Users\Admin\AppData\Local\Temp\A168A8A1-85FB-46C7-95E5-C5152F8B5100\OSProvider.dll
Filesize
126KB

MD5
bb0d5feee5b2f65b28f517d48180ce7b

SHA1
63a3eee12a18bceec86ca94226171ffe13bd2fe3

SHA256
f6c4fd17a47daf4a6d03fc92904d0f9a1e6c68aadf99c2d11202d4d73606dc16

SHA512
d1fc630db506ad7174da9565fd658dc415f95bf9c2c47c21fa8fe41b0dbff9a585244a0b7079dfb31697f14edbc1c021fccff60ffd53b447c910c70de117dc5b

Download Submit
\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\.ba\bafunctions.dll
Filesize
116KB

MD5
e2eac75615e26cc7fad10a841b8f24c0

SHA1
c1ee6e7a9015453f77de1283f71be53a8cc1d45f

SHA256
80a0b4e9f6c140c1fe178b5214352298ee47e6f839688b2f9cc098e3df5bc41c

SHA512
980379563f17e5867e658153506551340ba2b44502aa83a1b19e58a26bae50168ab50e685b7e9f7b3413138136310f151c82f3499be6810ec36de3d6843f9da9

Download Submit
\Windows\Temp\{F449F09E-FB79-4B79-BE9E-C55E0CBAEC8E}\.ba\wixstdba.dll
Filesize
175KB

MD5
8ca04519005ad03b4d9e062b97d7f79d

SHA1
df53ed9440d027401d502f3297668009030350a7

SHA256
7b9f919a3d1974fd8fa35ad189edc8bf287f476bd377e713e616b26864a4b0d3

SHA512
1a29e9e9bd798c892a7cd3cd4ff259195e4a92e26f53e8f1a86c75c5eb8fdda58ceba312cd791651fad5ce04529696195815a4ba5c143ad52a5ea0d7c539bb77

Download Submit
memory/1680-319-0x0000000000000000-mapping.dmp

Download
memory/2104-368-0x0000000000000000-mapping.dmp

Download
memory/2656-137-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-136-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-121-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-122-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-123-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-151-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-124-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-125-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-126-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-127-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-138-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-128-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-129-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-130-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-131-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-132-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-133-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-134-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-135-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-147-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-148-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-139-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-140-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-141-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-142-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-143-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-144-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-145-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-158-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-152-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-156-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-155-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-154-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-153-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-157-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-120-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-146-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-150-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/2656-149-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3144-594-0x0000000000000000-mapping.dmp

Download
memory/3296-180-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-169-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-159-0x0000000000000000-mapping.dmp

Download
memory/3296-161-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-162-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-163-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-164-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-165-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-166-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-182-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-167-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-168-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-184-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-181-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-179-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-183-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-170-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-171-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-172-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-173-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-174-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-185-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-175-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-176-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-177-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3296-178-0x0000000077BA0000-0x0000000077D2E000-memory.dmp

Filesize
1.6MB

Download
memory/3676-635-0x0000000000000000-mapping.dmp

Download
memory/4280-228-0x0000000000000000-mapping.dmp

Download
memory/4508-547-0x0000000000000000-mapping.dmp

Download
memory/4864-634-0x0000000000000000-mapping.dmp

Download