Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
10-06-2024 23:51
Static task
static1
Behavioral task
behavioral1
Sample
dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi
Resource
win11-20240508-en
General
-
Target
dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi
-
Size
82.6MB
-
MD5
44976fa50ab3d9d15c04ecaf261798a1
-
SHA1
9bf594905d1406be8e79a7e8f302f09e7bb3b45e
-
SHA256
8a53b1e0c787619cc646f9c37e2ccee0e20c1a9e65dece4e79891f6a0fcdb573
-
SHA512
41aa00163c5ac25ab7f634cb53472cf0bb895d02815426706e45495c408ab17ad5a1209a66cefb06c92fd393fa72480487717d4307d0fe2a8cf671fc8b3a4706
-
SSDEEP
1572864:Rowh66rI4ITxshE4gk17gDsmNL3TIfj1x/yflQiWADgWubAC2By:ftr9ixsyk17gDtV3TIz/klQwA+B
Malware Config
Signatures
-
Renames multiple (154) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\O: msiexec.exe -
Modifies Installed Components in the registry 2 TTPs 8 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\Version = "6,0,3,0" msiexec.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} msiexec.exe Key deleted \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} msiexec.exe Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\Version = "6,0,3,0" msiexec.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\StubPath = "msiexec /fou {5E73C3C5-02C5-4CF3-8916-F16E61D262A7} /qn" msiexec.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\ = "DCP Worker 6.0.3.0" msiexec.exe -
Sets file execution options in registry 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DistributiveUpdate.exe DistributiveUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DistributiveUpdate.exe\DisableExceptionChainValidation = "0" DistributiveUpdate.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\system32\dcp-screensaver.scr msiexec.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\dependencies\SystemRuntimeModule.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\yargs\build\lib\utils\set-blocking.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\GY.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\browserify-aes\modes\ctr.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\WebpackOptionsApply.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\secp256k1\src\secp256k1\src\field_5x52_asm_impl.h msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\iconv-lite\encodings\dbcs-codec.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\TM.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\json-schema-traverse\.eslintrc.yml msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\nonstring.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ajv\lib\keyword.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\tar\node_modules\yallist\iterator.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@jridgewell\set-array\dist\types\set-array.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\NZ.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\css-gradients.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\cliui\package.json msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_baseMergeDeep.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\undici-types\header.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\neo-async\groupBySeries.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\p-limit\index.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ethereumjs-util\dist.browser\address.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\yargs\locales\ru.json msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\socket.io-client\build\cjs\contrib\backo2.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\wrapperReverse.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\WS.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\events\.github\FUNDING.yml msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\.bin\semver.cmd msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\isobject\README.md msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\toArray.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_toSource.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\secp256k1\prebuilds\linux-x64\node.napi.glibc.node msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\isObject.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ajv\scripts\publish-built-version msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\type-fest\source\conditional-except.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\jest-worker\node_modules\supports-color\license msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\keccak\src\libkeccak-64\KeccakSpongeWidth1600.h msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\iteratee.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\tabindex-attr.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\node-pre-gyp\lib\build.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\runtime\EnsureChunkRuntimeModule.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\.bin\atob.cmd msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\dependencies\HarmonyExportSpecifierDependency.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_mapCacheSet.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\socket.io-client\build\esm-debug\manager.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@jridgewell\sourcemap-codec\dist\types\sourcemap-codec.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ethereum-cryptography\pure\hdkey.js.map msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\dnssec.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\wrapperLodash.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ws\lib\validation.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\hash-base\node_modules\readable-stream\readable-browser.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\polyfill-crypto.getrandomvalues\index.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\htmlparser2\node_modules\readable-stream\README.md msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\gl-matrix\bower.json msiexec.exe File created C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sw.dll MSI5561.tmp File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\neo-async\reduceRight.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack-sources\lib\Source.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\reference\CommonJS Modules-2.0-draft-8.pdf msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@types\eslint\rules\best-practices.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\resolver\false_main\package.json msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\build\esm-debug\contrib\yeast.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\string-width\index.d.ts msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\wasm-reference-types.js msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\clone-deep\package.json msiexec.exe File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\hasIn.js msiexec.exe -
Drops file in Windows directory 22 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSI39E9.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI94B0.tmp msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File created C:\Windows\Installer\SourceHash{5E73C3C5-02C5-4CF3-8916-F16E61D262A7} msiexec.exe File created C:\Windows\SystemTemp\~DFB719B806EFDEC7D1.TMP msiexec.exe File opened for modification C:\Windows\Installer\MSI2B9F.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI5561.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI9346.tmp msiexec.exe File created C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe msiexec.exe File opened for modification C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe msiexec.exe File created C:\Windows\Installer\e581e22.msi msiexec.exe File opened for modification C:\Windows\Installer\e581e22.msi msiexec.exe File created C:\Windows\SystemTemp\~DFC4B636207C53C0CD.TMP msiexec.exe File opened for modification C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\ProductIcon.ico msiexec.exe File created C:\Windows\SystemTemp\~DF05A50B3B8250A656.TMP msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSI2F1B.tmp msiexec.exe File created C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\ProductIcon.ico msiexec.exe File opened for modification C:\Windows\Installer\MSI9422.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI9935.tmp msiexec.exe File created C:\Windows\SystemTemp\~DF7327BC3D3F8800D9.TMP msiexec.exe -
Executes dropped EXE 10 IoCs
pid Process 4996 MSI5561.tmp 3484 DistributiveUpdate.exe 836 DistributiveUpdate.exe 4916 DistributiveUpdate.exe 5024 DistributiveUpdateComRegisterShell64.exe 4460 DistributiveUpdateComRegisterShell64.exe 2260 DistributiveUpdateComRegisterShell64.exe 684 DistributiveUpdate.exe 1348 dcp-configurator.exe 3956 node.exe -
Loads dropped DLL 18 IoCs
pid Process 3968 MsiExec.exe 3968 MsiExec.exe 3484 DistributiveUpdate.exe 836 DistributiveUpdate.exe 4916 DistributiveUpdate.exe 5024 DistributiveUpdateComRegisterShell64.exe 4916 DistributiveUpdate.exe 4460 DistributiveUpdateComRegisterShell64.exe 4916 DistributiveUpdate.exe 2260 DistributiveUpdateComRegisterShell64.exe 4916 DistributiveUpdate.exe 684 DistributiveUpdate.exe 2036 MsiExec.exe 2036 MsiExec.exe 2036 MsiExec.exe 3956 node.exe 3956 node.exe 2036 MsiExec.exe -
Registers COM server for autorun 1 TTPs 31 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 DistributiveUpdateComRegisterShell64.exe -
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters vssvc.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000c993a456edcb2280000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000c993a450000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000c993a45000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d0c993a45000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000c993a4500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe -
Modifies data under HKEY_USERS 7 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Control Panel\Desktop msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\System32\\dcp-screensaver.scr" msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\ScreenSaveActive = "1" msiexec.exe Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut = "60" msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b msiexec.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5CB5A27-A170-432B-902E-150EDDBBB1CF}\ProxyStubClsid32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E605C9-890D-4FBF-89A0-4A0851B304DF}\NumMethods\ = "23" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FD0ECCD-6BCA-420D-9A0D-A4F5D8DF0838}\NumMethods\ = "11" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C978491-79DA-4CB7-A09D-C74E814857E8} DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E73F82EB-2875-4C0F-931B-4D97566E9536} DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED}\NumMethods DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4}\ = "ICredentialDialog" DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C978491-79DA-4CB7-A09D-C74E814857E8}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CEEB9852-3DF2-4148-B9EF-256BCA748A57}\ProxyStubClsid32 DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A4EB4CB-6E0C-4D0C-A97F-CD08B6AAA13C}\ = "Google Update Process Launcher Class" DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A403E53E-EF45-49FD-ACFE-2865E7A66624}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{73AAEC8A-6C30-4AF6-AE2A-3ECA2B2D803B}\NumMethods DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{16F6D3AE-4D0A-4EA2-AFB8-16EEC55B90FD} DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A403E53E-EF45-49FD-ACFE-2865E7A66624}\NumMethods DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4} DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C978491-79DA-4CB7-A09D-C74E814857E8}\ProxyStubClsid32 DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoCreateAsync.1.0\CLSID DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18} DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8617C958-0795-4AEF-8BD7-468CAA7D895A}\NumMethods DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FD0ECCD-6BCA-420D-9A0D-A4F5D8DF0838}\NumMethods DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E73F82EB-2875-4C0F-931B-4D97566E9536}\NumMethods\ = "41" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C34845D-1CD9-4223-AC11-13320F38EAD4} DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.Update3COMClassService\CurVer\ = "DistributiveUpdate.Update3COMClassService.1.0" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5CB5A27-A170-432B-902E-150EDDBBB1CF} DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A403E53E-EF45-49FD-ACFE-2865E7A66624}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F34AD5DB-3637-4CE3-A02F-829C91EE5BF4}\NumMethods DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041} DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B659A62-B4A2-4A4A-81F2-D9FDC4613249}\ = "IAppWeb" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED} DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27B5B33F-D14A-4529-8F26-3E907F5C4A89}\ = "IGoogleUpdate3Web" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A87A96F-4081-4F5F-84AE-B329561D98E4}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.Update3WebMachineFallback.1.0 DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD8B755E-A69A-4E81-A36A-523A6D5CB7F0}\ = "Update3COMClass" DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED25BB16-6A6E-45CA-8749-5CED3C800904}\NumMethods\ = "4" DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B659A62-B4A2-4A4A-81F2-D9FDC4613249}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48AE3506-23F9-4DAC-B497-476CC583235E}\NumMethods DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BA6FF32-B911-4935-A40F-CCC1A53B9D94}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D84FF18D-48F9-4064-8698-B2C2A329EF4B} DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoCreateAsync.1.0\ = "CoCreateAsync" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoreMachineClass\CLSID DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B839611-5B50-4910-99CC-C004B7FA8D0B}\Elevation\IconReference = "@C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\goopdate.dll,-1004" DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9FF1873-1A0B-4F40-9D63-2BAFFFF08680}\Elevation\IconReference = "@C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\goopdate.dll,-1004" DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AA02BE4-4159-425C-AC0D-F379C958D76E} DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoreClass DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4} DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E605C9-890D-4FBF-89A0-4A0851B304DF}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.Update3WebMachine\CLSID DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5CB5A27-A170-432B-902E-150EDDBBB1CF}\NumMethods\ = "16" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4}\NumMethods DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36D4B3CB-05A5-483D-B904-45FBCE5D19CB}\ProgID\ = "DistributiveUpdate.Update3WebMachineFallback.1.0" DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48AE3506-23F9-4DAC-B497-476CC583235E}\NumMethods\ = "43" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED}\NumMethods\ = "41" DistributiveUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\DistributiveUpdate.exe DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CEEB9852-3DF2-4148-B9EF-256BCA748A57} DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C34845D-1CD9-4223-AC11-13320F38EAD4}\NumMethods\ = "5" DistributiveUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000CF995-AD74-4D60-BD66-3DDCB6AC2222}\ = "IPolicyStatusValue" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E73F82EB-2875-4C0F-931B-4D97566E9536}\NumMethods DistributiveUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.OnDemandCOMClassSvc\CLSID DistributiveUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15CE973A-ECA9-4EE3-8A87-31E03541D200}\ = "IProcessLauncher" DistributiveUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27B5B33F-D14A-4529-8F26-3E907F5C4A89}\ProxyStubClsid32 DistributiveUpdateComRegisterShell64.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1564 msiexec.exe 1564 msiexec.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 3484 DistributiveUpdate.exe 684 DistributiveUpdate.exe 684 DistributiveUpdate.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe 3956 node.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4800 msiexec.exe Token: SeIncreaseQuotaPrivilege 4800 msiexec.exe Token: SeSecurityPrivilege 1564 msiexec.exe Token: SeCreateTokenPrivilege 4800 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4800 msiexec.exe Token: SeLockMemoryPrivilege 4800 msiexec.exe Token: SeIncreaseQuotaPrivilege 4800 msiexec.exe Token: SeMachineAccountPrivilege 4800 msiexec.exe Token: SeTcbPrivilege 4800 msiexec.exe Token: SeSecurityPrivilege 4800 msiexec.exe Token: SeTakeOwnershipPrivilege 4800 msiexec.exe Token: SeLoadDriverPrivilege 4800 msiexec.exe Token: SeSystemProfilePrivilege 4800 msiexec.exe Token: SeSystemtimePrivilege 4800 msiexec.exe Token: SeProfSingleProcessPrivilege 4800 msiexec.exe Token: SeIncBasePriorityPrivilege 4800 msiexec.exe Token: SeCreatePagefilePrivilege 4800 msiexec.exe Token: SeCreatePermanentPrivilege 4800 msiexec.exe Token: SeBackupPrivilege 4800 msiexec.exe Token: SeRestorePrivilege 4800 msiexec.exe Token: SeShutdownPrivilege 4800 msiexec.exe Token: SeDebugPrivilege 4800 msiexec.exe Token: SeAuditPrivilege 4800 msiexec.exe Token: SeSystemEnvironmentPrivilege 4800 msiexec.exe Token: SeChangeNotifyPrivilege 4800 msiexec.exe Token: SeRemoteShutdownPrivilege 4800 msiexec.exe Token: SeUndockPrivilege 4800 msiexec.exe Token: SeSyncAgentPrivilege 4800 msiexec.exe Token: SeEnableDelegationPrivilege 4800 msiexec.exe Token: SeManageVolumePrivilege 4800 msiexec.exe Token: SeImpersonatePrivilege 4800 msiexec.exe Token: SeCreateGlobalPrivilege 4800 msiexec.exe Token: SeBackupPrivilege 1996 vssvc.exe Token: SeRestorePrivilege 1996 vssvc.exe Token: SeAuditPrivilege 1996 vssvc.exe Token: SeBackupPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeBackupPrivilege 3352 srtasks.exe Token: SeRestorePrivilege 3352 srtasks.exe Token: SeSecurityPrivilege 3352 srtasks.exe Token: SeTakeOwnershipPrivilege 3352 srtasks.exe Token: SeBackupPrivilege 3352 srtasks.exe Token: SeRestorePrivilege 3352 srtasks.exe Token: SeSecurityPrivilege 3352 srtasks.exe Token: SeTakeOwnershipPrivilege 3352 srtasks.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeDebugPrivilege 3484 DistributiveUpdate.exe Token: SeDebugPrivilege 3484 DistributiveUpdate.exe Token: SeDebugPrivilege 3484 DistributiveUpdate.exe Token: SeDebugPrivilege 3484 DistributiveUpdate.exe Token: SeDebugPrivilege 684 DistributiveUpdate.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe Token: SeRestorePrivilege 1564 msiexec.exe Token: SeTakeOwnershipPrivilege 1564 msiexec.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4800 msiexec.exe 4800 msiexec.exe -
Suspicious use of WriteProcessMemory 49 IoCs
description pid Process procid_target PID 1564 wrote to memory of 3352 1564 msiexec.exe 83 PID 1564 wrote to memory of 3352 1564 msiexec.exe 83 PID 1564 wrote to memory of 3968 1564 msiexec.exe 85 PID 1564 wrote to memory of 3968 1564 msiexec.exe 85 PID 1564 wrote to memory of 3968 1564 msiexec.exe 85 PID 1564 wrote to memory of 4996 1564 msiexec.exe 86 PID 1564 wrote to memory of 4996 1564 msiexec.exe 86 PID 1564 wrote to memory of 4996 1564 msiexec.exe 86 PID 4996 wrote to memory of 3484 4996 MSI5561.tmp 87 PID 4996 wrote to memory of 3484 4996 MSI5561.tmp 87 PID 4996 wrote to memory of 3484 4996 MSI5561.tmp 87 PID 3484 wrote to memory of 836 3484 DistributiveUpdate.exe 88 PID 3484 wrote to memory of 836 3484 DistributiveUpdate.exe 88 PID 3484 wrote to memory of 836 3484 DistributiveUpdate.exe 88 PID 3484 wrote to memory of 4916 3484 DistributiveUpdate.exe 89 PID 3484 wrote to memory of 4916 3484 DistributiveUpdate.exe 89 PID 3484 wrote to memory of 4916 3484 DistributiveUpdate.exe 89 PID 4916 wrote to memory of 5024 4916 DistributiveUpdate.exe 90 PID 4916 wrote to memory of 5024 4916 DistributiveUpdate.exe 90 PID 4916 wrote to memory of 4460 4916 DistributiveUpdate.exe 91 PID 4916 wrote to memory of 4460 4916 DistributiveUpdate.exe 91 PID 4916 wrote to memory of 2260 4916 DistributiveUpdate.exe 92 PID 4916 wrote to memory of 2260 4916 DistributiveUpdate.exe 92 PID 3484 wrote to memory of 684 3484 DistributiveUpdate.exe 93 PID 3484 wrote to memory of 684 3484 DistributiveUpdate.exe 93 PID 3484 wrote to memory of 684 3484 DistributiveUpdate.exe 93 PID 1564 wrote to memory of 2036 1564 msiexec.exe 94 PID 1564 wrote to memory of 2036 1564 msiexec.exe 94 PID 1564 wrote to memory of 2036 1564 msiexec.exe 94 PID 2036 wrote to memory of 1348 2036 MsiExec.exe 95 PID 2036 wrote to memory of 1348 2036 MsiExec.exe 95 PID 2036 wrote to memory of 756 2036 MsiExec.exe 97 PID 2036 wrote to memory of 756 2036 MsiExec.exe 97 PID 756 wrote to memory of 3080 756 cmd.exe 99 PID 756 wrote to memory of 3080 756 cmd.exe 99 PID 3080 wrote to memory of 3448 3080 cmd.exe 100 PID 3080 wrote to memory of 3448 3080 cmd.exe 100 PID 756 wrote to memory of 3008 756 cmd.exe 101 PID 756 wrote to memory of 3008 756 cmd.exe 101 PID 3008 wrote to memory of 4204 3008 cmd.exe 102 PID 3008 wrote to memory of 4204 3008 cmd.exe 102 PID 756 wrote to memory of 1420 756 cmd.exe 103 PID 756 wrote to memory of 1420 756 cmd.exe 103 PID 1420 wrote to memory of 3552 1420 cmd.exe 104 PID 1420 wrote to memory of 3552 1420 cmd.exe 104 PID 3552 wrote to memory of 384 3552 cmd.exe 105 PID 3552 wrote to memory of 384 3552 cmd.exe 105 PID 1420 wrote to memory of 3956 1420 cmd.exe 106 PID 1420 wrote to memory of 3956 1420 cmd.exe 106 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4800
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Modifies Installed Components in the registry
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1564 -
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
- Suspicious use of AdjustPrivilegeToken
PID:3352
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BD8DFA545F0FD2F9BD13FA7797F14E8D2⤵
- Loads dropped DLL
PID:3968
-
-
C:\Windows\Installer\MSI5561.tmp"C:\Windows\Installer\MSI5561.tmp" /install "runtime=true&needsadmin=True&usagestats=1" /installsource enterprisemsi /silent2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe"C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe" /install "runtime=true&needsadmin=True&usagestats=1" /installsource enterprisemsi /silent3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3484 -
C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:836
-
-
C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4916 -
C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5024
-
-
C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4460
-
-
C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2260
-
-
-
C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy45OS4wIiBzaGVsbF92ZXJzaW9uPSIxLjMuOTkuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntFMzQzM0JGMi1ERDMzLTQ0NEUtODVGMi03NEMwQzc4MUY1NDZ9IiB1c2VyaWQ9Ins5Q0JGQTQ2My04OTczLTQ4QUItOURENi02M0JFMkY1MTYyRkR9IiBpbnN0YWxsc291cmNlPSJlbnRlcnByaXNlbXNpIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins5MUFFREMyQS1FNTEzLTREREMtQTdFNy0yNTUwRThDRjc3RUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7QjM1MTk3MTAtNEQ2Qi00OTkzLUI0QTUtOEFDNEQyRDQ5MzhCfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjk5LjAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNzA0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:684
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4626586F2BE33355290204C8FB78B700 E Global\MSI00002⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2036 -
C:\Program Files\Distributive\DCP\dcp-configurator.exe"C:\Program Files\Distributive\DCP\dcp-configurator.exe" --set "" "" "C:\Program Files\Distributive\DCP\\"3⤵
- Executes dropped EXE
PID:1348
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files\Distributive\DCP\dcp-supervisor-setup.bat""3⤵
- Suspicious use of WriteProcessMemory
PID:756 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\dcp-client\dcp-config\worker" /v defaultPaymentAddress 2>nul4⤵
- Suspicious use of WriteProcessMemory
PID:3080 -
C:\Windows\system32\reg.exereg query "HKLM\Software\Distributive\DCP\dcp-client\dcp-config\worker" /v defaultPaymentAddress5⤵PID:3448
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\keystore\default" /v id 2>nul4⤵
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Windows\system32\reg.exereg query "HKLM\Software\Distributive\DCP\keystore\default" /v id5⤵PID:4204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c call dcp-supervisor-keystore.bat 2>nul4⤵
- Suspicious use of WriteProcessMemory
PID:1420 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\v8" /v "options" 2>nul5⤵
- Suspicious use of WriteProcessMemory
PID:3552 -
C:\Windows\system32\reg.exereg query "HKLM\Software\Distributive\DCP\v8" /v "options"6⤵PID:384
-
-
-
C:\Program Files\Distributive\DCP\node.exe".\node.exe" "dcp-supervisor\keystore.js"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3956
-
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1996
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
284KB
MD5594300d1cc95b4e44b6c040e57d824de
SHA1b1916f714dc1fb47b11138fc191635c17209cc8e
SHA2563d6152060f3b0f656b853496ad81d3608ed4e4562591670dfbded8f866ef93aa
SHA51265dfc4a6276d6cc16148d61b16cc2ecb8c42722ba06d51c7c7ea3a053190356d5fa7a58fca5c45533390a6a5107718fc3f1790dae5f9850d8bc0d905c820fa05
-
Filesize
375KB
MD53c15413c7b5e8b8185576fb9ff43b960
SHA1aef99c7a77999c49a6beabc610c2cab219581484
SHA2565eae3a3570ed2c34a4be01a4e661e743cc455d89c14aa5edd4f05bf16cdb4509
SHA512423a71414d5cfeaf24754f85c1231f5a3c2f65a85f13cca7d55edcefd04eda1e71b11269f3005a2b945cabb9850b1169e44b5319e9e2110cc0674c872e3da25b
-
Filesize
163KB
MD560d3870900fd35e8daf5966ce006cda7
SHA1877169685f0a855144908793d10b4134808ca441
SHA2569bb52ce0fb2aefad058930790eaf50da3476cd5a749d87b00c3e0882a20aa453
SHA512239b6fa51d9f0668d9da9d6ec0b0bbdbd39bbd8fe06055f55b2ac8d13c804a65beb85bee11f9d4e53280344fa185892da1eab96a838a3a705ef0e747e4257c3f
-
Filesize
183KB
MD5fce3633181279f9515ce26b656da02bc
SHA150c9b881051487466063892518727154524c6eba
SHA2561687d1c080ad85104ee122e99ecf8022cbca750875aa5d87f41b25e148c9f70d
SHA512df48cbf7a5e76ee9d296084ae9139962b1c576bc243214f9718fc90b6f9b4d2cee0865ba13d90b2d9756055d212fa5d9816755abef31115626fefdee622a03e0
-
Filesize
207KB
MD5ce5c61b614321bb5a3cb04c91d279806
SHA1bf990b1e7687d9cffbbaacd1fa44b14bcb48a6e7
SHA256de62b279f331e18ea9174710c2e0935ee071f1920ddca535a143611e50aec492
SHA51289c95ca002809ebabda0e770bcbe1763b1f1417d894fe58dcdb8b057a9a4ac52c8342f242d644fe9049862742099d1250575f0fd5d6e946801543d73306cf6a3
-
Filesize
1.0MB
MD5eb17ccd15d1d64904e9ac4c9c91292ca
SHA1f80b3b91b19d78d3995fee25cb9f5fbe175654bd
SHA25634a20e85130132ffe5e47896539977d3d17467dd527040cb5be659605d5945ed
SHA51214adda4a08a7894776a7cab44c852be5de2bd52f4a2b9184124ac928762363992612fdfcffbea19b361b8d720266654c4464f2b5ef76db6aa40ba4da1816e51c
-
Filesize
45KB
MD5c6f7c280f2939fffbab6a14bb1b4fb5c
SHA103ee0a4fb2c9657ad06ad9c6476d98fda619d97c
SHA256a0c714ca4f3f21e9da84f7e443ff4f286f756997a4bd10473957ab08720d3f8a
SHA5125fe938cdc33c94d2dbf8083da2c1af60dccfe376df66fd841407963b58b4b912f3d6367896d76902dce96731d1d6a1de22d8d7938bd0dd0807c91c596470492d
-
Filesize
45KB
MD5bdcccdb5d1271f513489822d9fd4e57e
SHA16a4b60ab3c9d7d0afa756e43772220f617fdb33d
SHA256ca24a9dc26c48c9042713c3ef4ecd262c3cf45e054d1e23ec6c62171e4880bd0
SHA512e6f0cf4d7bf98667faa96be55b08a7f951971844252524642777e3d551a22b2659620ac81f80cd72871c0f6746cfcdae519a5ad961feda36b66f74e7b163da13
-
Filesize
47KB
MD541cfe56780117253d083ecc71e1f8ad4
SHA1138a6107efc05ff5802b0a734c817cf945d6dc39
SHA256669e3bcbb20871a0c5b02f4ca31bec1733abeea947c9bcf5414eb8380f7d18a7
SHA5123665b4c2cac54db5f11c738621fbf454672c0f0b94320d48b88adbd3cadf83215d5733b58eade9f09517088ea0da432547b2f1d4d3580c37511c11b10d93e8bd
-
Filesize
48KB
MD5555ed1a7c9bb55a39da534833a722989
SHA1225d3a7fdf7726bd06b6246dad98f5c53fa009ed
SHA256cd5ea9a9bc626629b999f0c8c93c2f851e85ec18945f0514be7903399a3ac7d0
SHA512fc959e2800e1596c0c8ea00789d0a3d96ccf06ea23efce928a429931f19a9d6d8545c6b57a2280c2d755e712a114493603659179999edc160925e8d07e041a2d
-
Filesize
47KB
MD5ad8963cfd3a98edb2f78851d77afed3d
SHA1617dc8fd40cc62af276558dcb6be62ec22319721
SHA256bc1cafa869af022312a666646fe4a01a44244a6e03dc1f70f6027f44fa7447b4
SHA512c49721f43d7e73b1fdbc990da7e1ef0cb746b524b16b85b65aef1ace681c2f7a36697f57f4168a50408d2f3f3eb4d70c9293dd5e5257db0fdd14f088ec2d9aa0
-
Filesize
46KB
MD5797ed39702f719e43d8ef6a6baed8a57
SHA1022e54f0058b4cf0849ac952936a213f4c6ceb31
SHA2563de8b7e9742fb7d2c9d28bb5cd8f9fc2d194201d4b31a9fde06809189f3d0871
SHA5125155e0f216f7139ae59478caa7eab2ceb94f3b27bc8c4d8d3ba8699d1e2e6906c1d8b5a8567736b53e01c79da75f70ed74e3f843a024fa944493b4919365f48c
-
Filesize
46KB
MD53bd1a87c818b007a7b349cf46023df8a
SHA162a4de61ad01ef75907c47dfd6a77a226e955042
SHA256ed55e02334dd4f8e85612997f49ebcb23d43c449599ae129bedb78b96f06af3f
SHA5123323d459b3a6f6699705a7d3aacb0bec32d7fa47f4cfc74ad8b242cfb7cab9af0463f232bad26795bdce4681708b5f9d233afc8a490df1b2cf66af4fe1a57a18
-
Filesize
48KB
MD538db93a526841ceebfb6220423da362d
SHA16c27b5f592329e7ab4c6df91ba07d2048a604ae6
SHA2561f493449ccf7664cda6b723e60f79ddb0513f13c3e531e5229bcacb6acf59bea
SHA512b5914bd7407b6afe2a66eda038c5f207b1b8f67984124692214f564e135fb6da8f629867339f8c4d7c390c0ce1bfc27aabec81025e70f7edb400dac1ef1df21b
-
Filesize
48KB
MD55664568f0cb8a5bfdbde3c290c9e8f8d
SHA127dd1d667db5011e1d75d76c20b13203717f8082
SHA256fbafaefccd5c8c94b1b18cdc1c606710719a67c89d6674dd42ea07e7a58c65c4
SHA512b537c6d4346abdfebf204ccab6b4d80fd5de1c0a2625322b4e773b0c0284b8d0372a606b529e7f3433bd4ce6c2676c7db1703f9e515d14bfc85316380a8b7354
-
Filesize
46KB
MD5cfe541c7e363602e714040cdb550843e
SHA185634e523fcb1008adb789904eb52af945207369
SHA2565629113ca8ef5abdd610c4505cf1417a3fa6d951788a852672cba57c774bd6b3
SHA512d00084f155bd9163edcf4f13192d17f034c1b478c9e5ed002c699db85342d7cc207cd2fd3a3a359638103c7ab221e3fb195137d31ae23445f906b65605038ec5
-
Filesize
46KB
MD5097c46068d821485a554c2d3df3a69a0
SHA1d272f5b7fb80963b605fbe9a2954edf5741e3ddb
SHA2560df34914d438bd2d2408f7c1efb3bc5e40a4f74b1864de9e88f4a18ca612b5e8
SHA51283aa23a758ecc6aeba0b10fbcfe327901b0f4ddd03988b4fe814f5c48a8ad2cd641ee0c13d452d25216cd60a40e4a5668d8ac65c1770d3d3d1cc310e88aed066
-
Filesize
47KB
MD59575d43932b581de1656f3f25138bbbd
SHA16074ac514180dbbb07d7c1aa1252691bee7f137e
SHA25609e84f614815910038b46b532b18e4f2336c26bfd029ac0b995208a790e2e496
SHA512c7405704f158c7f0d9b739547072d3c71ebe3fb41e67f61a30ec4989b08566cf8f1589e62d6d310facd03b6c116338321000a205e7a34fd5a8f2f64808df1122
-
Filesize
48KB
MD59b90f39c6639be7643e944f669d08893
SHA1199ce69dc4c663f501d6141cda0fb731d3cbe173
SHA25604320cbfefe9f7f4a67690c2863c6e2727c793e0c949e6d880ebe828bf1ab5d2
SHA5123e15aa59c197b7279c68dd4d0f02a73e87cd22da1c13ea35dc6e1cc8462cea42570eece4d836c99e88a97146833800026fa6c83e495645e6c32f3b6377caab67
-
Filesize
46KB
MD5c89d4dfa4b02860e57d5cf8f834ac7fb
SHA1997b19cb9ce50689847f65ff7c43f26b54057fab
SHA256604e8f115462a1d02d702c0fa39c70efd7329d7ea3d9bcbcee4263cf7a177ff8
SHA512a9fbb418a62e309039ecfc0557fde57b7896b42356e9f29a74e65069426790bd45aee11124f977546383d1ed677cfefbf52dd3396f7657e61cefbd3ed505a1a9
-
Filesize
45KB
MD59e04f506c3ab56af93155249e0a3345f
SHA1cac2db5df0c6a9fd1761079421154d07eccfe018
SHA25677693e4da8140844ce06db9ed1b77998923dfb163ed07a91d94583abc1104290
SHA51258ff51e229c1c3824e526869bbec9475eb2ec9a9aa0591d425616a21d15aa0f435921088b0ff7a9a81b804792aed4dd833bc26d067fa5420ce4065fedcdf3fd2
-
Filesize
46KB
MD5c2898309e8762751aed67dace77a891a
SHA13ab4944a404c027e592d5898811be1d38a7cb206
SHA256c980b289b836b5ceff79007ff5e2297c50d797e4b5ed42263e7f2328d5392679
SHA5127ec9ac4b98b9b8ce03b959d6768fed60b1907c06500f271f4cc128d48473c300da65e4e1af481023447ac76d6120dff753f201dcc6987a42ee9204278bb40bc0
-
Filesize
47KB
MD51c7fd68b119a0ebc9cc4dc527a915f9f
SHA160e8969ea6253ede57654feca8d28261ea7a6972
SHA2564a33c15ab1a4e0efe23b241ded92418c0e5ac12db6cc0d785800a7f1d93bb728
SHA51266f76e647c9234a3c33739df4990f3af06af39b6d7736d3ee76cb05970d065f656011147c94f6721e7be3bc62738bab24a91caa9489ccef4ba7f26eee661e503
-
Filesize
48KB
MD5236b3efa2e86006e2bfb445a4fb1ecb2
SHA1cb7fdbba4e586a10c8d9c8648883061d5298cdb0
SHA2564939d0f564fd60c5f8fed45a67ba9f18d0832c125b9a9a98404c8709d8b0c3e4
SHA512208d070c2cb1acd5e7841c0e84659be3a914e00fef0467dbda77018988109b702909919d6a1a500371afec29d093c7f553ca2440513dc733d537102f0ed2bb89
-
Filesize
48KB
MD5c4e6b57a0226584073586e99cdfa3b50
SHA1cd99e6841dcbb1124e9b6f127bdd298e0cad00c1
SHA256a6ca3d56e5eec3ea6226582105d0c9fc27adcd988589f45eb2bfb8c02631fb7f
SHA5125730076281e2d2f70b5c86355012ef9578ec9593a7c74918a4d16204d78371d48c8881c82d1b1d879ba869ff4174a4e17e294767d837605ad6841fc988fa5f16
-
Filesize
46KB
MD5522d7f2b8e4976f84c2a68b727914b4b
SHA1ad543087b4ba70c15ebfb323b8c26e3065f1cd55
SHA256fa2eec546eff376cd011812465b39ea3fdb9bc31dc112bb32255fdadab906ca3
SHA5124ef113bf30759c83e129aadb640d61ebe675408035d156ce2065eb9cd3c7be4e369074ab2230ba3f4b711686701bb3c794cf6ce604d98fd3da29f89c204ae163
-
Filesize
47KB
MD522e9292f6e5cc9540ee07eb87c2b8f8c
SHA1f762af6ca1aea1f41723d2426b00de3be15f7447
SHA25643e8ed0a6f7bbf21531e7cdca058305c31201206b76f2059561d42dd134e3a16
SHA512c5a6119acbf56f9098e46477c09f3f94ce063dfe30115c2a8e3ea0edfeef89929263fa15c8209078493102aa95eac711ec94cd489f69bbac0e3d6d3c510fbc51
-
Filesize
47KB
MD53cc0bf341be378594ab251acbc89d9c4
SHA1456e4e1def91733ebd5af6d384d1ee03940deeda
SHA2565691bf7b83e6d5c83f964ddb50f68fdbd67b749894a378ec5e53af58a89756f2
SHA51245c66cd18662063a9c49e9295fd572fd169ba146d1fd5547e2ec2b290b86528ffb2087cab4ed600fe92d586b1a479da2ac14485dc9225a5d355254c97219e46e
-
Filesize
46KB
MD5cb17bede0af90f6738385df6af6b8a04
SHA164956abe8d792361402e63ade8b35ecfb2b94e73
SHA256938924017e3fb404dab6b30f42adf1403f019a4509234bef36cf9019c6af5843
SHA51210974b4bef2492edb9f7721e486ca13f95536d80bf67f55258ab64eeabd3213c25ebce4de6acc9e76c967b588e2ccedab947696c53e46323b5ac6d9638706a68
-
Filesize
46KB
MD5070009daedea4df50f5fbad2c4449ea4
SHA11f47f4c9e1f6eff7d6cb7cef93263434a0d87833
SHA25643cbefe6e8f803b31f4bef6b569e4a3f06e3794977e186ba63b22d2675ed66f8
SHA51204f1352e36ff9ba2c690520f0402620afbdbaf2600db1af96248481f298adee3d71572e4ba8182b1ad94440aedfa26d364ba3ce262e18f140d073d8b984129d4
-
Filesize
48KB
MD546bee30ae911957b24e9d1dbc404ebb5
SHA1bc9882b5e62d1eba5e2449fa3b2305b068b0268c
SHA2562572bda09a6eba5c79a588712986e7bf8dd47310ac94dc437aa92d87c574d554
SHA512d2f3556613bb69986b9c2a716b18dc303eaa12dfe09c198e8cf1e5f9007f1b5c40d13b750e73157e5239fe619d664be5ac87269f19e30ecf65302c1b0aeeecf9
-
Filesize
44KB
MD51150aacc8443e7669a704b9e5057e593
SHA183afcb47d597b7a8f45865ee5978c935c37e9b09
SHA256203922a7782537b382dfffafc2e8dea16e5d0988ed4008efc1d5822080844173
SHA512cef3e0a90713fae37ebdf7d92aa3f066d21aa28f58ddad19dd3a382ed8b8f1e2844d08be6c1551ab4808b1a96993fa005768867bed8bb462d70d1b73aaf3af3e
-
Filesize
43KB
MD56dd4e839124042a0cc403f1de1fe3916
SHA12b9e673529fc3c747733d8e4f373169ca90ce903
SHA25688b1ae891d335b6b42c01117ab80a21d882fd006c40f2336495dbd484df2e0bc
SHA512ac80e1f454c7a5901671e95dfe29ac9f5ee41f91b0d263516807f1346207145396630a2678902e101b7e69666516360c98a1d3f34914bb0ae05d8ddb3cfae630
-
Filesize
48KB
MD538dc185feedf909eb80d2289b5a00456
SHA1aca01b54beba723dad3617f5409f5af426315785
SHA2563fb98a41857aa34fe7af3e76c71c77c7d76acac2597a85c318cd7e0a5ec4888d
SHA512f046b131cca0e130cb8fda392884cbe47f88bf7029045a1db6ee398ffb9433ceba46410920e7bce7faf4d055c86cf405637c9e62be718c7ec1c7ccd6cf6f1aae
-
Filesize
42KB
MD580098606e566e046ade990ff6431b937
SHA1f42910914ebd0d243ba0101b8d8ece7f597623a7
SHA25698c8a8cbf7165369ba724dd96a6dbfb5a1fca7defe103faa517158e77f59306c
SHA5128bb5832c87818d13c2e2a7335cfa455c69da87b321ab00c67ec86e6d5cf92e97f732ff314cb4602b6b8a50ecd04381656172f4cce97efe8e2d38cfdd041da152
-
Filesize
46KB
MD50e63adeeda330ae72d5dae05d2ab1879
SHA1b989dcfb6cf47ea4969fa5378cf6c3f9632ef0ef
SHA256ce6a507206bb2109eadabfb2445eadef364b847b517da37bf09cdf3e9dc38cc4
SHA5126b5d0cc8f6218948cac597b544d227ae8cb1ae844f48b5c557b7657644f37e820d29dc95aeb25759b3486f6f86a748536cc3e5d215bb7f21b131eedaf4e4c7de
-
Filesize
47KB
MD58b5d9a154e9cd7e1a66e66c9d46e09e8
SHA1258448c72a8964a2d71c0e3374ba6381d22d66eb
SHA25611e12c71f1b00f9c2d400cfbeaf83f9a58578658ffc67c2800c203370783198c
SHA5129f31265b17532c233b4c89ff07d2de8c6e3841d73e16f70fa9cda96350d83b98fe1e3bb6dc10eeba009224f7c04746d19feb6c2567008844b274327a48f612ac
-
Filesize
49KB
MD5c258e236d885a9fcde469adf91aa4980
SHA1a28e6d0fb1a845f6a8300b2c119faf8f40960f33
SHA2561621465d4cf71952f5e27e4d27978428440755711ac72d0b51337d726c92268f
SHA5127abeec6181b3c3367547927e6e886bdb96729abe8ea45f90fc24ae1422d94bf91d18ef7c532d329832d62a75bef7832e5a82516ea0d10add6f8180640e81139b
-
Filesize
47KB
MD5b4e8704c34e41fc245c653dd6ef5a34d
SHA1604ff01ecb58406468fd13db35fae4be7d26786d
SHA2566e2511ee1790c696a81298102dd4591320e6136975545fdcf10faf59aba7b4c2
SHA512ae806682693a208f8e490e769279e22c2bc01e3f47cbff50c27674294375374fc3b64c9c5db14d7371d16c7a78320fdf39c21714b9db43eef5262747508ac4de
-
Filesize
46KB
MD59e2c58a21b200dff77ea0c8051b77702
SHA1fc5dc409694e3155568aef95ccefca8a9b679cb4
SHA256fb5c885d49e5aa448a1cee7098f65f13f64810dc15968d2b42142e97fc888ed9
SHA5127b8b07fc8b2aa452864e9addbfeb69a0c07bbb17673b966b9bbba257c543622a3d104d2be5fb4d24ae022d3b444992b77f3a3b17dd07f7bbbe6a55be3b01ed27
-
Filesize
47KB
MD5ba8299ea5a159726bcfba7740a883520
SHA1787af1a577fa1ee7ce0f2e740e286bfdef42486e
SHA256384218bcafe5f8926dd228dec2180f87fb15f5efe67c3af3f793490e09750ff5
SHA5122679177cb527872c1fb9fdbd6e8f5db43f2422394a4db5ad185776f762f53dde7e45085c0711122d3e9d374d74c7bd6e5bcb433ea6c6dabde8e2e58883eb5f84
-
Filesize
46KB
MD583a8c8af786efbb5f79c9cbbb3800858
SHA1ba0733ebd2c4f33edb0dcaba63160d72c535d8ac
SHA2563f353bc3d33418e9dc5c31822f49dd31623fde2d426765cc53a9d7392ffd0998
SHA51203d1ae8efbe1037f8a3f795c0a2949217c2b8aa8b7b2aea66963e48d07f46dfdc20e1d81afe5a2f7e5a4fdec3d18ff8dc16bc0451bdef1f0c4510c4a22e67e1b
-
Filesize
47KB
MD516b02f0119dd35bec832c343013b5899
SHA1f2e41de38cb10e603eb5c172963ccc3dd0c677de
SHA256359d95c1fa5fd48466a12f3c73f0030988a405413de27a7c3216dc66f1bc5bec
SHA512953c66e60faf9e34d566676995e17725b73c06397925538b52891a18f2e1f4c6a9566246647c30d23d1ba4639825bda099240293de874ad939bcea9b2b75f9d4
-
Filesize
47KB
MD5b38a8c92361c6774af2db4f0f8563353
SHA18ad58de8f45f6b5bde14964949bddc9ad941f2fc
SHA2564aa5c29cd40d46f87e693a5181013f14ff83e00e830b661e9a0297268f7677df
SHA512fcd6cb1a8aed0cbbea00f793cda702f40d3f63c2d81b71f6cf8644cec7d6f95d41505c1b1a57e00f08b637b95262f1c1aeec8042d9e47a52e2a266228ce55d8a
-
Filesize
47KB
MD571146a21c465b0fcaeb4e6b10ce2aabf
SHA14679c7f7a0c19b37d6e08058fe566c15c2c428c4
SHA256791fcd221a7a281e3bbd48eff27d1cd4e9531553b3e629cc49dba599b284ea3a
SHA51224aa5012868c0c8d0f3333d6cec4ebd4c683795cf05ceaa08c0b546db222d1914251664570d2e5abbd8d0947ea46f5c722da9a36f9d5b2276df5c72ad73e84ac
-
Filesize
47KB
MD5b5889a4d20545d3c5ea71fcb7733148b
SHA1bff878fc17fdd7cf00ccbffb951dc2d3d142c7e9
SHA2565de1c6cb9713a14af0089b4f2faf4acd2c3cd2eaf849177d320b7737091857cd
SHA512d8aed1b1dfbcc6f50a1496a38c7a0dfd4b71455616e9683310ed1e9946a4893e1a7a4380ee08b891c55bde5c0f652143017e5b376cea7ea53e45cecdce0c548e
-
Filesize
46KB
MD5a0db653f9e370f1e2fe8101de5930238
SHA1ffe6903a2274b99f6b474c71045a929f63113242
SHA256504138c172fda433b6ef38f9b99515200cf6d2700c28d150781b082fb6ceb23d
SHA512043f93df0d28497703a85dde1b1fdb7a8f97ae10d450460ab2e0decc2fed940df14c9bbe04dfeee7c2d5ef7a1abe08b77f8eaf4fb04c5b67a6dc98b329cbc561
-
Filesize
46KB
MD588f73b214e0bc2a133201883944aa26b
SHA192d85159b889ad29805fb8692a85e645c1068422
SHA25626fdefffcf5a603418a95295bf31a99bb0022b9a404d3d9da851ec0227da7634
SHA512ccbd78e70ae574409478a8aeacd8a62d7dbd6d85ffa008b7091a1a4673183fbfce265b8b6f3cd930525cd92ced4e088cceca4c2c010bc87dd872ed284fdd3616
-
Filesize
47KB
MD5dc4d6deae888b66a16e9c6b9b0627ae3
SHA155169115de150c4e0423387077aac7a39e2be579
SHA2564e0d9b696fd050c953264d003bda306aa75c47df8b91ebd2803d08a3e96b1807
SHA512fd9654fae0a28e5b715416fe83a5db5af0381aa41dd2c2c678a27b59e4d1ad3205f5bb85e979068773178b9836229586096a542f3f642fcb1a37f7184b5fa0ff
-
Filesize
46KB
MD53ad69a41f6ebab0f900d8443cdceafbc
SHA1e88c94a3917bdd0cdc6660a40b4cb83e18c15a1c
SHA256d7ce1de5204234f590e73d390fa8c83abb173db2f67f14370920469a2b4f76c0
SHA512fa461c3acefbf15f2031fe7739cffca83e4aba8806d94fe26e053c136c0f1f60e9ccd597975d58fb9c7ff9b9dcca943a01a34924c0f46df4eed999516ed8c59f
-
Filesize
47KB
MD503ca635d7e3c35b94d232ad66e785c26
SHA175a11d2c74614187a69d7afd3fbee0823f397966
SHA256d7fb94e6a9d96235f6d8940a1f4c209f02cc11b8497fc44d2b3cb525ea1ba53b
SHA512ef6d362598cea2891b1246a4dda996139393f4b304724b8ebc7398988ccef3cc6c2c828a946fd437cf579854ebf1083837c1d26f6c59372c583bd3e10860bceb
-
Filesize
48KB
MD5dfedc30b777104d514922fec531e496f
SHA18758310f2c06a54995610262ad2947bc96105cff
SHA2566ffd9e40238c46458d5285519d7fe1d6e8df14d744c488f19a65bf5b0b7cd68e
SHA51277b8501c3394540724c980cfec27817cefabfea002db3df1f2cf4b52df3c1c08d7c33ecaa4e48bae2a4b94e3d3df6435c0ede94ff31bafe7251a26b8f8ab656d
-
Filesize
48KB
MD520afb56746e30d5a9e94bbf21d9ee3ce
SHA16ffead19533b4473a9cd18d91205d42831fa4cfc
SHA2565441a3d2806855824885f89d36644bf71441f333e63f00a00f0820a45b9a50e1
SHA512ebc146888750a7b3341aec6e678e0a605b4b902242424be78595bf5371cf57ebb0b2554bd89a07b649e2076f15f838a11c5f00f9362f61c724e5e20d59542feb
-
Filesize
48KB
MD5d16bf7d131f25276f4dbc3b0b65afcc3
SHA14ea64211a55cfe0a0ac75c9be382a29ba2e4c1c6
SHA256f885d8d3cf60219fb8c1bc526ef2e8cd049502a7b1ed4145e22adbbbe5f3f364
SHA512043a670badd9672e0847f1ae473f9bc014955fdaf18f1377a9a1f3b6b23b0b4f338c271f0d43f826f4a5fe2e03edaf7c20849d91033ca5066af5025a7818b97b
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\node_modules\debug\LICENSE
Filesize1KB
MD5d85a365580888e9ee0a01fb53e8e9bf0
SHA159e43165aeefdfe28d5e497a0aaef79d6d622af0
SHA2563a61c6c96caf5c1d9b623fb9b04c822b783dfcb78aa7e49c76a3f643e6ed7f95
SHA5123489ec3783403daa899ec5bd89d8d23a7386ab2cea6243ccccb23d2cd7a69c735f2852d66a6c3571d22a7bf724823173c8c115c4e49b9120331638145e3dc058
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\node_modules\debug\src\browser.js
Filesize5KB
MD520bd9fad97b79a0a28e550ade5cd3ab3
SHA1e63a38b9e85d1d86dea2e02c6f885fa001b49d34
SHA2564e3dc6d0e1db58a0d74206b443f35582d3b717be56a0f6d030c34af6c2ad9f62
SHA5126905ed5f21c03abb872232b8356cd40ef3a8d095e2b944049563f87b006a4d480d7b4f5b58005f5d5265ab8a08ff0e3861fe342da060e5b73e45472391d3d47b
-
Filesize
1KB
MD5d4a904ca135bb7bc912156fee12726f0
SHA1689ec0681815ecc32bee639c68e7740add7bd301
SHA256c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383
SHA5121d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad
-
Filesize
1KB
MD5c617241c1319a73d00c000b37772e818
SHA14c69ebd5d7bcc1792fbaa02403650ba16b00832f
SHA2566d651b5b749b483278531be91623014bdfc12951278a33d6e43477db60a620ef
SHA51207529d52ed9bcfa4a18650b5381a14b2e448028c9600375429f692f3c2e78fd08cfc3c6d6f4a3a278c6b43b6b8196ef1b8b8124cebc03d6a57e335d695ee355a
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\blessed-contrib\node_modules\chalk\license
Filesize1KB
MD5a12ebca0510a773644101a99a867d210
SHA10c94f137f6e0536db8cb2622a9dc84253b91b90c
SHA2566fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c
SHA512ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\demos\iojs_tests\tests\modules\1.0\exactExports\test.js
Filesize366B
MD5a2af663dda238850bd19d1413ce63b24
SHA1894adb4db5a1cce69467d87d3e92b77c0dad63b7
SHA256fa23f6deac8cc740605194f63a38e6f17b647ba03e9d40b1fe2f7f6affb3fc79
SHA512dd62b77f17717fbe17c922174fc96b8df9b5b0e077513c6fb4193b5e07118aefcc8ac1f31e7c3526ba32dfff44526d9a2ba3d35c7e28e4de46b8ba72e42fd718
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\demos\iojs_tests\tests\modules\2.0\hasOwnProperty\test.js
Filesize474B
MD5b8c6df5be77377528b1502778dc3d060
SHA104e7dc9514fd58396b8766542aa3b3764fb1aa16
SHA2566707f667fabd17f4f3d5bf5efbb0f2bd63a796840b13fe197f69034a0a258d94
SHA51280b9ce50344b6ddf53ac82ef38e04b7d9c9a69de4e99c313ff648599d071e94b8219bc9dc3ab48b7a825c54f758d253e0b34d4a6fc31e33e1adefb7ecc00c258
-
Filesize
765B
MD582703a69f6d7411dde679954c2fd9dca
SHA1bb408e929caeb1731945b2ba54bc337edb87cc66
SHA2564ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b
SHA5123fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46
-
Filesize
1KB
MD5d5b9cb3bc7f6ffd7bea8661f30447c11
SHA1a4b5765e26b195e972e961e2c241a54eff51dafb
SHA256cb992345949ccd6e8394b2cd6c465f7b897c864f845937dbf64e8997f389e164
SHA512ea3679d79a1a7161ff68dd4265d7e89b9ee2bfff4f32d8da4802692d6fdc5c1706ff9edd5dce36ad4e88f7aa5f76061cf4cc8794a010efbf39b5bcb1ef08a550
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\https-proxy-agent\node_modules\debug\package.json
Filesize1KB
MD52630a1ac039c8970c8fb0daf0f2f03c4
SHA1ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7
SHA256754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb
SHA512a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\https-proxy-agent\node_modules\debug\src\node.js
Filesize4KB
MD56e63fda079262f01e14f03bdf77146c0
SHA1481608e3c95722f3a474336e5b777a6a521e76f9
SHA256f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559
SHA5123017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900
-
Filesize
42B
MD53aa88e1b4178e1364504595cf52245d4
SHA1ce6ec6945a433dabf9df0dab82f65f8bbca4feba
SHA256a1cd9589c07a23e3a67e8c6017e10a46d26085a85c7b55dee70192c788b1d1f8
SHA512fe5a4c0a22148adead4acc911203a9299515cc0c65a5ec1969e7ede69cbe7152a7ff6a52efac98c460a17844fc9ebea6676b2161c5b1febb501463ae5a120f76
-
Filesize
13B
MD53d10912d07e7bc8cd7d2faea51adb2d8
SHA18b894ec0b3bbc33011392ad9bafeb1df2634db45
SHA25616d30e4462189fb14dd611bdb708c510630c576a1f35b9383e89a4352da36c97
SHA5128d609d64d4e3f7b92e6cb047b2c416902f59f67b716cfc1b030ff4a745f78e2cb65caab8fa38d39cf28e3997fe35ccc24c2e6b1c02de7a39e821467bdee70561
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\regedit\node_modules\debug\src\index.js
Filesize314B
MD5d6c53f5a0dd8f256d91210ad530a2f3e
SHA10f4ce3b10eff761f099ac75593f7e05b149ae695
SHA256aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3
SHA5124faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2
-
Filesize
20B
MD50c1d9e1731bb3d71b0b7a15695bfab14
SHA1db311f33466c97593aa59411fcfd87e8489d8f50
SHA2566e66e366f0aefb84ad8110afcd9b2245702c643c831edf8316ff048fec739d2e
SHA51245e19626ce38abfafe540dd1b108ef171a927b97bfa75fd3943f5f2670e2db6e58af7a33fd3caf0a75fb0e8fac0961928627b9abc743234de97c320b7dd09918
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\socket.io-parser\node_modules\debug\README.md
Filesize21KB
MD544d6d103f294667967e0975107c50e59
SHA186a542a5178a95047aab606b0605cd8d56e7053c
SHA25627542cdec68da894345048dd553144e12764fb1f1c33e602bec276d7a50c56a3
SHA512dd8222e2ed98720c4ce9018d0c464319c9468224d902e61c2b41c978a680eb9dc01d2094d8513868fa653f7a9b235ad9f9aa26e6d12a2399d5c7e4384f0aa381
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\socket.io-parser\node_modules\debug\src\common.js
Filesize6KB
MD528e94a3cc7d081498bea5ced383038f6
SHA1c9707394c09387b56864a8865158d29fd307774a
SHA256c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37
SHA5125775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\supports-hyperlinks\node_modules\supports-color\license
Filesize1KB
MD5915042b5df33c31a6db2b37eadaa00e3
SHA15aaf48196ddd4d007a3067aa7f30303ca8e4b29c
SHA25648da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0
SHA5129c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13
-
Filesize
433B
MD505ed3e192dc805c6abb64ac63489aa51
SHA19aa30cdb479b144b71cc7b4a30c3cb53c905492a
SHA256b0d7be40a4cf3eed9985857f17c8751799b1451d3848d91ef3ab68c5b4d4be71
SHA5123f0e0489a703d32e8aaf5a33eb14747288a3867c56b6f493da92199c7981cb35c8649fedcecea83e427faa5de71663a5844ce01597859f7820ea728426ecb43b
-
Filesize
1KB
MD595a881ed5cb29fc8a0fa0356525f30ac
SHA13bebb9ba92e45dd02a0512e144f6a46b14a9b8ab
SHA2569068a8782d2fb4c6e432cfa25334efa56f722822180570802bf86e71b6003b1e
SHA512e2bad52e4e244a06f50bd64fcefa7c942febfac5a814c71095106fd3be64634b8381895d4cce884fbe3b2c20043ce210e6322b135b1b9fb2965bd4ae7a57ba8c
-
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\schemas\plugins\asset\AssetGeneratorOptions.check.d.ts
Filesize180B
MD523b2e592650b9f766354c61850bcbf5d
SHA10f44ef1078520b57b55f9be89419cf7b748b4691
SHA25641a7a7ba151074d7866409bc5f8019a021fe26d846995a7d74de151561426f1d
SHA51228ffa772e91519893f8d24e57942cee363c15adf59171026dc3322e72580a3014c828586e06d1d81ba0cdd684217560e6a757cdfed26d173ec2383ef3016da6a
-
Filesize
127KB
MD593394d2866590fb66759f5f0263453f2
SHA12f0903d4b21a0231add1b4cd02e25c7c4974da84
SHA2565c29b8255ace0cd94c066c528c8ad04f0f45eba12fcf94da7b9ca1b64ad4288b
SHA512f2033997b7622bd7cd6f30fca676ab02ecf6c732bd44e43358e4857b2cf5b227a5aa6bbbf2828c69dd902cbcc6ff983306787a46104ca000187f0cba3743c622
-
Filesize
1.1MB
MD5a14a87e0e3676dd8fa3ab67f6fb61cd2
SHA1dce5635baab073c9a11fca5c00a2e001d9c21f6f
SHA256f8dc4300eb81f343f586bc52a50b600b45d1b7e54b73fb522525db2ae303558b
SHA5125b2c8f07281966ceb13eac129a6cf4cf89ed558cbe8a9f3d3b48fd1f054b4fda48d164336cf7e43189e753ff7851b9043d81b7259a8dac214948d8fe02c216af
-
Filesize
14KB
MD5277e355779ec68ad1ac62b27ad3a6294
SHA188b4a2b54c9b96dbb99d5d011a88bb8cdbf8cf95
SHA2560e35a0aea113abe09c19a7a07b20266f2cfab0def910ec1ba86394e7ed8559b7
SHA51278a769e1012c47c167e6eed73a34b765ff97c931d621e1c7582fcde7ded904ef37e38cee81cc5c641db4a29f819033d6f8a0d389ec52ee52f8f188919cc8d140
-
Filesize
12.8MB
MD53e569948c14aff34a670f0f3f384040d
SHA165266de10390183a25781a85cd0c67048bc8b252
SHA256d4cba0b3d5f6e7a475e7bce61824e1eb66450b4357017336b04a89429553d0ed
SHA512bcf40cc67914f880b34bc220c7fb5c18571fdf93d075f08edaa1f68f50d3d695da0f75917f345eabd57ea366990b2652773d424d208f6aa61eeed2e15977124e
-
\??\Volume{453a990c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3aaf74f4-c398-4cd7-ae7e-de56051c0350}_OnDiskSnapshotProp
Filesize6KB
MD5503eb848a4a9d54ae9d16616f5429957
SHA15984c3bea484e7620bd8b22d021643c99cc72af0
SHA256445a6a45ea5f1a569d0098acf48484d2d84847db4ec97f5c48740698b0e76afe
SHA51209ebaf2427ac8614e9a1592568c33aa69cf143bc626ae39dd39afeb4856540e1aecaaa6bde235e1588f8332bfa353dfbb1561a43352bbae40c84784acd5dae26