Malware Analysis Report

2025-01-03 08:33

Sample ID 240610-3wdttawdrp
Target dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi
SHA256 8a53b1e0c787619cc646f9c37e2ccee0e20c1a9e65dece4e79891f6a0fcdb573
Tags persistence ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 8a53b1e0c787619cc646f9c37e2ccee0e20c1a9e65dece4e79891f6a0fcdb573

Threat Level: Likely malicious

The file dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi was found to be: Likely malicious.

Malicious Activity Summary

persistence ransomware

Renames multiple (154) files with added filename extension

Sets file execution options in registry

Modifies Installed Components in the registry

Enumerates connected drives

Drops file in System32 directory

Registers COM server for autorun

Drops file in Program Files directory

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-10 23:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-10 23:51
Reported 2024-06-10 23:54
Platform win11-20240508-en
Max time kernel 144s
Max time network 152s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi

Signatures

Renames multiple (154) files with added filename extension

ransomware

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\Version = "6,0,3,0" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\Version = "6,0,3,0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\StubPath = "msiexec /fou {5E73C3C5-02C5-4CF3-8916-F16E61D262A7} /qn" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\ = "DCP Worker 6.0.3.0" C:\Windows\system32\msiexec.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DistributiveUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\dcp-screensaver.scr C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\dependencies\SystemRuntimeModule.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\yargs\build\lib\utils\set-blocking.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\GY.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\browserify-aes\modes\ctr.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\WebpackOptionsApply.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\secp256k1\src\secp256k1\src\field_5x52_asm_impl.h C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\iconv-lite\encodings\dbcs-codec.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\TM.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\json-schema-traverse\.eslintrc.yml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\nonstring.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ajv\lib\keyword.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\tar\node_modules\yallist\iterator.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@jridgewell\set-array\dist\types\set-array.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\NZ.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\css-gradients.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\cliui\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_baseMergeDeep.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\undici-types\header.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\neo-async\groupBySeries.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\p-limit\index.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ethereumjs-util\dist.browser\address.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\yargs\locales\ru.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\socket.io-client\build\cjs\contrib\backo2.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\wrapperReverse.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\WS.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\events\.github\FUNDING.yml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\.bin\semver.cmd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\isobject\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\toArray.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_toSource.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\secp256k1\prebuilds\linux-x64\node.napi.glibc.node C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\isObject.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ajv\scripts\publish-built-version C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\type-fest\source\conditional-except.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\jest-worker\node_modules\supports-color\license C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\keccak\src\libkeccak-64\KeccakSpongeWidth1600.h C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\iteratee.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\tabindex-attr.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\node-pre-gyp\lib\build.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\runtime\EnsureChunkRuntimeModule.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\.bin\atob.cmd C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\dependencies\HarmonyExportSpecifierDependency.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_mapCacheSet.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\socket.io-client\build\esm-debug\manager.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@jridgewell\sourcemap-codec\dist\types\sourcemap-codec.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ethereum-cryptography\pure\hdkey.js.map C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\dnssec.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\wrapperLodash.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ws\lib\validation.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\hash-base\node_modules\readable-stream\readable-browser.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\polyfill-crypto.getrandomvalues\index.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\htmlparser2\node_modules\readable-stream\README.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\gl-matrix\bower.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sw.dll C:\Windows\Installer\MSI5561.tmp N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\neo-async\reduceRight.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack-sources\lib\Source.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\reference\CommonJS Modules-2.0-draft-8.pdf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@types\eslint\rules\best-practices.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\resolver\false_main\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\build\esm-debug\contrib\yeast.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\string-width\index.d.ts C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\wasm-reference-types.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\clone-deep\package.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\hasIn.js C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI39E9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI94B0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{5E73C3C5-02C5-4CF3-8916-F16E61D262A7} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFB719B806EFDEC7D1.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2B9F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5561.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9346.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e581e22.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e581e22.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFC4B636207C53C0CD.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\ProductIcon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF05A50B3B8250A656.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2F1B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\ProductIcon.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9422.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9935.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF7327BC3D3F8800D9.TMP C:\Windows\system32\msiexec.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache C:\Windows\system32\vssvc.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Desktop C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\System32\\dcp-screensaver.scr" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\ScreenSaveActive = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut = "60" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe N/A
N/A N/A C:\Program Files\Distributive\DCP\node.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1564 wrote to memory of 3352 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 1564 wrote to memory of 3968 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1564 wrote to memory of 4996 N/A C:\Windows\system32\msiexec.exe C:\Windows\Installer\MSI5561.tmp
PID 4996 wrote to memory of 3484 N/A C:\Windows\Installer\MSI5561.tmp C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe
PID 3484 wrote to memory of 836 N/A C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe
PID 3484 wrote to memory of 4916 N/A C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe
PID 4916 wrote to memory of 5024 N/A C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe
PID 4916 wrote to memory of 4460 N/A C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe
PID 4916 wrote to memory of 2260 N/A C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe
PID 3484 wrote to memory of 684 N/A C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe
PID 1564 wrote to memory of 2036 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2036 wrote to memory of 1348 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files\Distributive\DCP\dcp-configurator.exe
PID 2036 wrote to memory of 756 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\system32\cmd.exe
PID 756 wrote to memory of 3080 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3080 wrote to memory of 3448 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 756 wrote to memory of 3008 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3008 wrote to memory of 4204 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 756 wrote to memory of 1420 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 1420 wrote to memory of 3552 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3552 wrote to memory of 384 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1420 wrote to memory of 3956 N/A C:\Windows\system32\cmd.exe C:\Program Files\Distributive\DCP\node.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BD8DFA545F0FD2F9BD13FA7797F14E8D

C:\Windows\Installer\MSI5561.tmp

"C:\Windows\Installer\MSI5561.tmp" /install "runtime=true&needsadmin=True&usagestats=1" /installsource enterprisemsi /silent

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe

"C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe" /install "runtime=true&needsadmin=True&usagestats=1" /installsource enterprisemsi /silent

C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe

"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /regsvc

C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe

"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /regserver

C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe

"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /ping

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4626586F2BE33355290204C8FB78B700 E Global\MSI0000

C:\Program Files\Distributive\DCP\dcp-configurator.exe

"C:\Program Files\Distributive\DCP\dcp-configurator.exe" --set "" "" "C:\Program Files\Distributive\DCP\\"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files\Distributive\DCP\dcp-supervisor-setup.bat""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\dcp-client\dcp-config\worker" /v defaultPaymentAddress 2>nul

C:\Windows\system32\reg.exe

reg query "HKLM\Software\Distributive\DCP\dcp-client\dcp-config\worker" /v defaultPaymentAddress

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\keystore\default" /v id 2>nul

C:\Windows\system32\reg.exe

reg query "HKLM\Software\Distributive\DCP\keystore\default" /v id

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c call dcp-supervisor-keystore.bat 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\v8" /v "options" 2>nul

C:\Windows\system32\reg.exe

reg query "HKLM\Software\Distributive\DCP\v8" /v "options"

C:\Program Files\Distributive\DCP\node.exe

".\node.exe" "dcp-supervisor\keystore.js"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 updates.distributive.network udp

Files

\??\Volume{453a990c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3aaf74f4-c398-4cd7-ae7e-de56051c0350}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\Windows\Installer\MSI2F1B.tmp

C:\Windows\Installer\MSI5561.tmp

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe

MD5 60d3870900fd35e8daf5966ce006cda7
SHA1 877169685f0a855144908793d10b4134808ca441
SHA256 9bb52ce0fb2aefad058930790eaf50da3476cd5a749d87b00c3e0882a20aa453
SHA512 239b6fa51d9f0668d9da9d6ec0b0bbdbd39bbd8fe06055f55b2ac8d13c804a65beb85bee11f9d4e53280344fa185892da1eab96a838a3a705ef0e747e4257c3f

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdate.dll

MD5 eb17ccd15d1d64904e9ac4c9c91292ca
SHA1 f80b3b91b19d78d3995fee25cb9f5fbe175654bd
SHA256 34a20e85130132ffe5e47896539977d3d17467dd527040cb5be659605d5945ed
SHA512 14adda4a08a7894776a7cab44c852be5de2bd52f4a2b9184124ac928762363992612fdfcffbea19b361b8d720266654c4464f2b5ef76db6aa40ba4da1816e51c

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_en.dll

MD5 097c46068d821485a554c2d3df3a69a0
SHA1 d272f5b7fb80963b605fbe9a2954edf5741e3ddb
SHA256 0df34914d438bd2d2408f7c1efb3bc5e40a4f74b1864de9e88f4a18ca612b5e8
SHA512 83aa23a758ecc6aeba0b10fbcfe327901b0f4ddd03988b4fe814f5c48a8ad2cd641ee0c13d452d25216cd60a40e4a5668d8ac65c1770d3d3d1cc310e88aed066

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdateCore.exe

MD5 ce5c61b614321bb5a3cb04c91d279806
SHA1 bf990b1e7687d9cffbbaacd1fa44b14bcb48a6e7
SHA256 de62b279f331e18ea9174710c2e0935ee071f1920ddca535a143611e50aec492
SHA512 89c95ca002809ebabda0e770bcbe1763b1f1417d894fe58dcdb8b057a9a4ac52c8342f242d644fe9049862742099d1250575f0fd5d6e946801543d73306cf6a3

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_el.dll

MD5 5664568f0cb8a5bfdbde3c290c9e8f8d
SHA1 27dd1d667db5011e1d75d76c20b13203717f8082
SHA256 fbafaefccd5c8c94b1b18cdc1c606710719a67c89d6674dd42ea07e7a58c65c4
SHA512 b537c6d4346abdfebf204ccab6b4d80fd5de1c0a2625322b4e773b0c0284b8d0372a606b529e7f3433bd4ce6c2676c7db1703f9e515d14bfc85316380a8b7354

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_en-GB.dll

MD5 cfe541c7e363602e714040cdb550843e
SHA1 85634e523fcb1008adb789904eb52af945207369
SHA256 5629113ca8ef5abdd610c4505cf1417a3fa6d951788a852672cba57c774bd6b3
SHA512 d00084f155bd9163edcf4f13192d17f034c1b478c9e5ed002c699db85342d7cc207cd2fd3a3a359638103c7ab221e3fb195137d31ae23445f906b65605038ec5

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_de.dll

MD5 38db93a526841ceebfb6220423da362d
SHA1 6c27b5f592329e7ab4c6df91ba07d2048a604ae6
SHA256 1f493449ccf7664cda6b723e60f79ddb0513f13c3e531e5229bcacb6acf59bea
SHA512 b5914bd7407b6afe2a66eda038c5f207b1b8f67984124692214f564e135fb6da8f629867339f8c4d7c390c0ce1bfc27aabec81025e70f7edb400dac1ef1df21b

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_da.dll

MD5 3bd1a87c818b007a7b349cf46023df8a
SHA1 62a4de61ad01ef75907c47dfd6a77a226e955042
SHA256 ed55e02334dd4f8e85612997f49ebcb23d43c449599ae129bedb78b96f06af3f
SHA512 3323d459b3a6f6699705a7d3aacb0bec32d7fa47f4cfc74ad8b242cfb7cab9af0463f232bad26795bdce4681708b5f9d233afc8a490df1b2cf66af4fe1a57a18

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_cs.dll

MD5 797ed39702f719e43d8ef6a6baed8a57
SHA1 022e54f0058b4cf0849ac952936a213f4c6ceb31
SHA256 3de8b7e9742fb7d2c9d28bb5cd8f9fc2d194201d4b31a9fde06809189f3d0871
SHA512 5155e0f216f7139ae59478caa7eab2ceb94f3b27bc8c4d8d3ba8699d1e2e6906c1d8b5a8567736b53e01c79da75f70ed74e3f843a024fa944493b4919365f48c

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ca.dll

MD5 ad8963cfd3a98edb2f78851d77afed3d
SHA1 617dc8fd40cc62af276558dcb6be62ec22319721
SHA256 bc1cafa869af022312a666646fe4a01a44244a6e03dc1f70f6027f44fa7447b4
SHA512 c49721f43d7e73b1fdbc990da7e1ef0cb746b524b16b85b65aef1ace681c2f7a36697f57f4168a50408d2f3f3eb4d70c9293dd5e5257db0fdd14f088ec2d9aa0

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_bn.dll

MD5 555ed1a7c9bb55a39da534833a722989
SHA1 225d3a7fdf7726bd06b6246dad98f5c53fa009ed
SHA256 cd5ea9a9bc626629b999f0c8c93c2f851e85ec18945f0514be7903399a3ac7d0
SHA512 fc959e2800e1596c0c8ea00789d0a3d96ccf06ea23efce928a429931f19a9d6d8545c6b57a2280c2d755e712a114493603659179999edc160925e8d07e041a2d

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_bg.dll

MD5 41cfe56780117253d083ecc71e1f8ad4
SHA1 138a6107efc05ff5802b0a734c817cf945d6dc39
SHA256 669e3bcbb20871a0c5b02f4ca31bec1733abeea947c9bcf5414eb8380f7d18a7
SHA512 3665b4c2cac54db5f11c738621fbf454672c0f0b94320d48b88adbd3cadf83215d5733b58eade9f09517088ea0da432547b2f1d4d3580c37511c11b10d93e8bd

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ar.dll

MD5 bdcccdb5d1271f513489822d9fd4e57e
SHA1 6a4b60ab3c9d7d0afa756e43772220f617fdb33d
SHA256 ca24a9dc26c48c9042713c3ef4ecd262c3cf45e054d1e23ec6c62171e4880bd0
SHA512 e6f0cf4d7bf98667faa96be55b08a7f951971844252524642777e3d551a22b2659620ac81f80cd72871c0f6746cfcdae519a5ad961feda36b66f74e7b163da13

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_am.dll

MD5 c6f7c280f2939fffbab6a14bb1b4fb5c
SHA1 03ee0a4fb2c9657ad06ad9c6476d98fda619d97c
SHA256 a0c714ca4f3f21e9da84f7e443ff4f286f756997a4bd10473957ab08720d3f8a
SHA512 5fe938cdc33c94d2dbf8083da2c1af60dccfe376df66fd841407963b58b4b912f3d6367896d76902dce96731d1d6a1de22d8d7938bd0dd0807c91c596470492d

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdateComRegisterShell64.exe

MD5 fce3633181279f9515ce26b656da02bc
SHA1 50c9b881051487466063892518727154524c6eba
SHA256 1687d1c080ad85104ee122e99ecf8022cbca750875aa5d87f41b25e148c9f70d
SHA512 df48cbf7a5e76ee9d296084ae9139962b1c576bc243214f9718fc90b6f9b4d2cee0865ba13d90b2d9756055d212fa5d9816755abef31115626fefdee622a03e0

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveCrashHandler64.exe

MD5 3c15413c7b5e8b8185576fb9ff43b960
SHA1 aef99c7a77999c49a6beabc610c2cab219581484
SHA256 5eae3a3570ed2c34a4be01a4e661e743cc455d89c14aa5edd4f05bf16cdb4509
SHA512 423a71414d5cfeaf24754f85c1231f5a3c2f65a85f13cca7d55edcefd04eda1e71b11269f3005a2b945cabb9850b1169e44b5319e9e2110cc0674c872e3da25b

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveCrashHandler.exe

MD5 594300d1cc95b4e44b6c040e57d824de
SHA1 b1916f714dc1fb47b11138fc191635c17209cc8e
SHA256 3d6152060f3b0f656b853496ad81d3608ed4e4562591670dfbded8f866ef93aa
SHA512 65dfc4a6276d6cc16148d61b16cc2ecb8c42722ba06d51c7c7ea3a053190356d5fa7a58fca5c45533390a6a5107718fc3f1790dae5f9850d8bc0d905c820fa05

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_iw.dll

MD5 1150aacc8443e7669a704b9e5057e593
SHA1 83afcb47d597b7a8f45865ee5978c935c37e9b09
SHA256 203922a7782537b382dfffafc2e8dea16e5d0988ed4008efc1d5822080844173
SHA512 cef3e0a90713fae37ebdf7d92aa3f066d21aa28f58ddad19dd3a382ed8b8f1e2844d08be6c1551ab4808b1a96993fa005768867bed8bb462d70d1b73aaf3af3e

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_kn.dll

MD5 38dc185feedf909eb80d2289b5a00456
SHA1 aca01b54beba723dad3617f5409f5af426315785
SHA256 3fb98a41857aa34fe7af3e76c71c77c7d76acac2597a85c318cd7e0a5ec4888d
SHA512 f046b131cca0e130cb8fda392884cbe47f88bf7029045a1db6ee398ffb9433ceba46410920e7bce7faf4d055c86cf405637c9e62be718c7ec1c7ccd6cf6f1aae

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ja.dll

MD5 6dd4e839124042a0cc403f1de1fe3916
SHA1 2b9e673529fc3c747733d8e4f373169ca90ce903
SHA256 88b1ae891d335b6b42c01117ab80a21d882fd006c40f2336495dbd484df2e0bc
SHA512 ac80e1f454c7a5901671e95dfe29ac9f5ee41f91b0d263516807f1346207145396630a2678902e101b7e69666516360c98a1d3f34914bb0ae05d8ddb3cfae630

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_te.dll

MD5 d16bf7d131f25276f4dbc3b0b65afcc3
SHA1 4ea64211a55cfe0a0ac75c9be382a29ba2e4c1c6
SHA256 f885d8d3cf60219fb8c1bc526ef2e8cd049502a7b1ed4145e22adbbbe5f3f364
SHA512 043a670badd9672e0847f1ae473f9bc014955fdaf18f1377a9a1f3b6b23b0b4f338c271f0d43f826f4a5fe2e03edaf7c20849d91033ca5066af5025a7818b97b

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ta.dll

MD5 20afb56746e30d5a9e94bbf21d9ee3ce
SHA1 6ffead19533b4473a9cd18d91205d42831fa4cfc
SHA256 5441a3d2806855824885f89d36644bf71441f333e63f00a00f0820a45b9a50e1
SHA512 ebc146888750a7b3341aec6e678e0a605b4b902242424be78595bf5371cf57ebb0b2554bd89a07b649e2076f15f838a11c5f00f9362f61c724e5e20d59542feb

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sw.dll

MD5 dfedc30b777104d514922fec531e496f
SHA1 8758310f2c06a54995610262ad2947bc96105cff
SHA256 6ffd9e40238c46458d5285519d7fe1d6e8df14d744c488f19a65bf5b0b7cd68e
SHA512 77b8501c3394540724c980cfec27817cefabfea002db3df1f2cf4b52df3c1c08d7c33ecaa4e48bae2a4b94e3d3df6435c0ede94ff31bafe7251a26b8f8ab656d

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sv.dll

MD5 03ca635d7e3c35b94d232ad66e785c26
SHA1 75a11d2c74614187a69d7afd3fbee0823f397966
SHA256 d7fb94e6a9d96235f6d8940a1f4c209f02cc11b8497fc44d2b3cb525ea1ba53b
SHA512 ef6d362598cea2891b1246a4dda996139393f4b304724b8ebc7398988ccef3cc6c2c828a946fd437cf579854ebf1083837c1d26f6c59372c583bd3e10860bceb

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sr.dll

MD5 3ad69a41f6ebab0f900d8443cdceafbc
SHA1 e88c94a3917bdd0cdc6660a40b4cb83e18c15a1c
SHA256 d7ce1de5204234f590e73d390fa8c83abb173db2f67f14370920469a2b4f76c0
SHA512 fa461c3acefbf15f2031fe7739cffca83e4aba8806d94fe26e053c136c0f1f60e9ccd597975d58fb9c7ff9b9dcca943a01a34924c0f46df4eed999516ed8c59f

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sl.dll

MD5 dc4d6deae888b66a16e9c6b9b0627ae3
SHA1 55169115de150c4e0423387077aac7a39e2be579
SHA256 4e0d9b696fd050c953264d003bda306aa75c47df8b91ebd2803d08a3e96b1807
SHA512 fd9654fae0a28e5b715416fe83a5db5af0381aa41dd2c2c678a27b59e4d1ad3205f5bb85e979068773178b9836229586096a542f3f642fcb1a37f7184b5fa0ff

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sk.dll

MD5 88f73b214e0bc2a133201883944aa26b
SHA1 92d85159b889ad29805fb8692a85e645c1068422
SHA256 26fdefffcf5a603418a95295bf31a99bb0022b9a404d3d9da851ec0227da7634
SHA512 ccbd78e70ae574409478a8aeacd8a62d7dbd6d85ffa008b7091a1a4673183fbfce265b8b6f3cd930525cd92ced4e088cceca4c2c010bc87dd872ed284fdd3616

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ru.dll

MD5 a0db653f9e370f1e2fe8101de5930238
SHA1 ffe6903a2274b99f6b474c71045a929f63113242
SHA256 504138c172fda433b6ef38f9b99515200cf6d2700c28d150781b082fb6ceb23d
SHA512 043f93df0d28497703a85dde1b1fdb7a8f97ae10d450460ab2e0decc2fed940df14c9bbe04dfeee7c2d5ef7a1abe08b77f8eaf4fb04c5b67a6dc98b329cbc561

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ro.dll

MD5 b5889a4d20545d3c5ea71fcb7733148b
SHA1 bff878fc17fdd7cf00ccbffb951dc2d3d142c7e9
SHA256 5de1c6cb9713a14af0089b4f2faf4acd2c3cd2eaf849177d320b7737091857cd
SHA512 d8aed1b1dfbcc6f50a1496a38c7a0dfd4b71455616e9683310ed1e9946a4893e1a7a4380ee08b891c55bde5c0f652143017e5b376cea7ea53e45cecdce0c548e

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_no.dll

MD5 83a8c8af786efbb5f79c9cbbb3800858
SHA1 ba0733ebd2c4f33edb0dcaba63160d72c535d8ac
SHA256 3f353bc3d33418e9dc5c31822f49dd31623fde2d426765cc53a9d7392ffd0998
SHA512 03d1ae8efbe1037f8a3f795c0a2949217c2b8aa8b7b2aea66963e48d07f46dfdc20e1d81afe5a2f7e5a4fdec3d18ff8dc16bc0451bdef1f0c4510c4a22e67e1b

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_nl.dll

MD5 ba8299ea5a159726bcfba7740a883520
SHA1 787af1a577fa1ee7ce0f2e740e286bfdef42486e
SHA256 384218bcafe5f8926dd228dec2180f87fb15f5efe67c3af3f793490e09750ff5
SHA512 2679177cb527872c1fb9fdbd6e8f5db43f2422394a4db5ad185776f762f53dde7e45085c0711122d3e9d374d74c7bd6e5bcb433ea6c6dabde8e2e58883eb5f84

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_pt-PT.dll

MD5 71146a21c465b0fcaeb4e6b10ce2aabf
SHA1 4679c7f7a0c19b37d6e08058fe566c15c2c428c4
SHA256 791fcd221a7a281e3bbd48eff27d1cd4e9531553b3e629cc49dba599b284ea3a
SHA512 24aa5012868c0c8d0f3333d6cec4ebd4c683795cf05ceaa08c0b546db222d1914251664570d2e5abbd8d0947ea46f5c722da9a36f9d5b2276df5c72ad73e84ac

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_pt-BR.dll

MD5 b38a8c92361c6774af2db4f0f8563353
SHA1 8ad58de8f45f6b5bde14964949bddc9ad941f2fc
SHA256 4aa5c29cd40d46f87e693a5181013f14ff83e00e830b661e9a0297268f7677df
SHA512 fcd6cb1a8aed0cbbea00f793cda702f40d3f63c2d81b71f6cf8644cec7d6f95d41505c1b1a57e00f08b637b95262f1c1aeec8042d9e47a52e2a266228ce55d8a

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_pl.dll

MD5 16b02f0119dd35bec832c343013b5899
SHA1 f2e41de38cb10e603eb5c172963ccc3dd0c677de
SHA256 359d95c1fa5fd48466a12f3c73f0030988a405413de27a7c3216dc66f1bc5bec
SHA512 953c66e60faf9e34d566676995e17725b73c06397925538b52891a18f2e1f4c6a9566246647c30d23d1ba4639825bda099240293de874ad939bcea9b2b75f9d4

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ms.dll

MD5 9e2c58a21b200dff77ea0c8051b77702
SHA1 fc5dc409694e3155568aef95ccefca8a9b679cb4
SHA256 fb5c885d49e5aa448a1cee7098f65f13f64810dc15968d2b42142e97fc888ed9
SHA512 7b8b07fc8b2aa452864e9addbfeb69a0c07bbb17673b966b9bbba257c543622a3d104d2be5fb4d24ae022d3b444992b77f3a3b17dd07f7bbbe6a55be3b01ed27

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_mr.dll

MD5 b4e8704c34e41fc245c653dd6ef5a34d
SHA1 604ff01ecb58406468fd13db35fae4be7d26786d
SHA256 6e2511ee1790c696a81298102dd4591320e6136975545fdcf10faf59aba7b4c2
SHA512 ae806682693a208f8e490e769279e22c2bc01e3f47cbff50c27674294375374fc3b64c9c5db14d7371d16c7a78320fdf39c21714b9db43eef5262747508ac4de

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ml.dll

MD5 c258e236d885a9fcde469adf91aa4980
SHA1 a28e6d0fb1a845f6a8300b2c119faf8f40960f33
SHA256 1621465d4cf71952f5e27e4d27978428440755711ac72d0b51337d726c92268f
SHA512 7abeec6181b3c3367547927e6e886bdb96729abe8ea45f90fc24ae1422d94bf91d18ef7c532d329832d62a75bef7832e5a82516ea0d10add6f8180640e81139b

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_lv.dll

MD5 8b5d9a154e9cd7e1a66e66c9d46e09e8
SHA1 258448c72a8964a2d71c0e3374ba6381d22d66eb
SHA256 11e12c71f1b00f9c2d400cfbeaf83f9a58578658ffc67c2800c203370783198c
SHA512 9f31265b17532c233b4c89ff07d2de8c6e3841d73e16f70fa9cda96350d83b98fe1e3bb6dc10eeba009224f7c04746d19feb6c2567008844b274327a48f612ac

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_lt.dll

MD5 0e63adeeda330ae72d5dae05d2ab1879
SHA1 b989dcfb6cf47ea4969fa5378cf6c3f9632ef0ef
SHA256 ce6a507206bb2109eadabfb2445eadef364b847b517da37bf09cdf3e9dc38cc4
SHA512 6b5d0cc8f6218948cac597b544d227ae8cb1ae844f48b5c557b7657644f37e820d29dc95aeb25759b3486f6f86a748536cc3e5d215bb7f21b131eedaf4e4c7de

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ko.dll

MD5 80098606e566e046ade990ff6431b937
SHA1 f42910914ebd0d243ba0101b8d8ece7f597623a7
SHA256 98c8a8cbf7165369ba724dd96a6dbfb5a1fca7defe103faa517158e77f59306c
SHA512 8bb5832c87818d13c2e2a7335cfa455c69da87b321ab00c67ec86e6d5cf92e97f732ff314cb4602b6b8a50ecd04381656172f4cce97efe8e2d38cfdd041da152

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_it.dll

MD5 46bee30ae911957b24e9d1dbc404ebb5
SHA1 bc9882b5e62d1eba5e2449fa3b2305b068b0268c
SHA256 2572bda09a6eba5c79a588712986e7bf8dd47310ac94dc437aa92d87c574d554
SHA512 d2f3556613bb69986b9c2a716b18dc303eaa12dfe09c198e8cf1e5f9007f1b5c40d13b750e73157e5239fe619d664be5ac87269f19e30ecf65302c1b0aeeecf9

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_is.dll

MD5 070009daedea4df50f5fbad2c4449ea4
SHA1 1f47f4c9e1f6eff7d6cb7cef93263434a0d87833
SHA256 43cbefe6e8f803b31f4bef6b569e4a3f06e3794977e186ba63b22d2675ed66f8
SHA512 04f1352e36ff9ba2c690520f0402620afbdbaf2600db1af96248481f298adee3d71572e4ba8182b1ad94440aedfa26d364ba3ce262e18f140d073d8b984129d4

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_id.dll

MD5 cb17bede0af90f6738385df6af6b8a04
SHA1 64956abe8d792361402e63ade8b35ecfb2b94e73
SHA256 938924017e3fb404dab6b30f42adf1403f019a4509234bef36cf9019c6af5843
SHA512 10974b4bef2492edb9f7721e486ca13f95536d80bf67f55258ab64eeabd3213c25ebce4de6acc9e76c967b588e2ccedab947696c53e46323b5ac6d9638706a68

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_hu.dll

MD5 3cc0bf341be378594ab251acbc89d9c4
SHA1 456e4e1def91733ebd5af6d384d1ee03940deeda
SHA256 5691bf7b83e6d5c83f964ddb50f68fdbd67b749894a378ec5e53af58a89756f2
SHA512 45c66cd18662063a9c49e9295fd572fd169ba146d1fd5547e2ec2b290b86528ffb2087cab4ed600fe92d586b1a479da2ac14485dc9225a5d355254c97219e46e

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_hr.dll

MD5 22e9292f6e5cc9540ee07eb87c2b8f8c
SHA1 f762af6ca1aea1f41723d2426b00de3be15f7447
SHA256 43e8ed0a6f7bbf21531e7cdca058305c31201206b76f2059561d42dd134e3a16
SHA512 c5a6119acbf56f9098e46477c09f3f94ce063dfe30115c2a8e3ea0edfeef89929263fa15c8209078493102aa95eac711ec94cd489f69bbac0e3d6d3c510fbc51

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_hi.dll

MD5 522d7f2b8e4976f84c2a68b727914b4b
SHA1 ad543087b4ba70c15ebfb323b8c26e3065f1cd55
SHA256 fa2eec546eff376cd011812465b39ea3fdb9bc31dc112bb32255fdadab906ca3
SHA512 4ef113bf30759c83e129aadb640d61ebe675408035d156ce2065eb9cd3c7be4e369074ab2230ba3f4b711686701bb3c794cf6ce604d98fd3da29f89c204ae163

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_gu.dll

MD5 c4e6b57a0226584073586e99cdfa3b50
SHA1 cd99e6841dcbb1124e9b6f127bdd298e0cad00c1
SHA256 a6ca3d56e5eec3ea6226582105d0c9fc27adcd988589f45eb2bfb8c02631fb7f
SHA512 5730076281e2d2f70b5c86355012ef9578ec9593a7c74918a4d16204d78371d48c8881c82d1b1d879ba869ff4174a4e17e294767d837605ad6841fc988fa5f16

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fr.dll

MD5 236b3efa2e86006e2bfb445a4fb1ecb2
SHA1 cb7fdbba4e586a10c8d9c8648883061d5298cdb0
SHA256 4939d0f564fd60c5f8fed45a67ba9f18d0832c125b9a9a98404c8709d8b0c3e4
SHA512 208d070c2cb1acd5e7841c0e84659be3a914e00fef0467dbda77018988109b702909919d6a1a500371afec29d093c7f553ca2440513dc733d537102f0ed2bb89

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fil.dll

MD5 1c7fd68b119a0ebc9cc4dc527a915f9f
SHA1 60e8969ea6253ede57654feca8d28261ea7a6972
SHA256 4a33c15ab1a4e0efe23b241ded92418c0e5ac12db6cc0d785800a7f1d93bb728
SHA512 66f76e647c9234a3c33739df4990f3af06af39b6d7736d3ee76cb05970d065f656011147c94f6721e7be3bc62738bab24a91caa9489ccef4ba7f26eee661e503

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fi.dll

MD5 c2898309e8762751aed67dace77a891a
SHA1 3ab4944a404c027e592d5898811be1d38a7cb206
SHA256 c980b289b836b5ceff79007ff5e2297c50d797e4b5ed42263e7f2328d5392679
SHA512 7ec9ac4b98b9b8ce03b959d6768fed60b1907c06500f271f4cc128d48473c300da65e4e1af481023447ac76d6120dff753f201dcc6987a42ee9204278bb40bc0

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fa.dll

MD5 9e04f506c3ab56af93155249e0a3345f
SHA1 cac2db5df0c6a9fd1761079421154d07eccfe018
SHA256 77693e4da8140844ce06db9ed1b77998923dfb163ed07a91d94583abc1104290
SHA512 58ff51e229c1c3824e526869bbec9475eb2ec9a9aa0591d425616a21d15aa0f435921088b0ff7a9a81b804792aed4dd833bc26d067fa5420ce4065fedcdf3fd2

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_et.dll

MD5 c89d4dfa4b02860e57d5cf8f834ac7fb
SHA1 997b19cb9ce50689847f65ff7c43f26b54057fab
SHA256 604e8f115462a1d02d702c0fa39c70efd7329d7ea3d9bcbcee4263cf7a177ff8
SHA512 a9fbb418a62e309039ecfc0557fde57b7896b42356e9f29a74e65069426790bd45aee11124f977546383d1ed677cfefbf52dd3396f7657e61cefbd3ed505a1a9

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_es-419.dll

MD5 9575d43932b581de1656f3f25138bbbd
SHA1 6074ac514180dbbb07d7c1aa1252691bee7f137e
SHA256 09e84f614815910038b46b532b18e4f2336c26bfd029ac0b995208a790e2e496
SHA512 c7405704f158c7f0d9b739547072d3c71ebe3fb41e67f61a30ec4989b08566cf8f1589e62d6d310facd03b6c116338321000a205e7a34fd5a8f2f64808df1122

C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_es.dll

MD5 9b90f39c6639be7643e944f669d08893
SHA1 199ce69dc4c663f501d6141cda0fb731d3cbe173
SHA256 04320cbfefe9f7f4a67690c2863c6e2727c793e0c949e6d880ebe828bf1ab5d2
SHA512 3e15aa59c197b7279c68dd4d0f02a73e87cd22da1c13ea35dc6e1cc8462cea42570eece4d836c99e88a97146833800026fa6c83e495645e6c32f3b6377caab67

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\schemas\plugins\asset\AssetGeneratorOptions.check.d.ts

MD5 23b2e592650b9f766354c61850bcbf5d
SHA1 0f44ef1078520b57b55f9be89419cf7b748b4691
SHA256 41a7a7ba151074d7866409bc5f8019a021fe26d846995a7d74de151561426f1d
SHA512 28ffa772e91519893f8d24e57942cee363c15adf59171026dc3322e72580a3014c828586e06d1d81ba0cdd684217560e6a757cdfed26d173ec2383ef3016da6a

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\demos\iojs_tests\tests\modules\2.0\hasOwnProperty\test.js

MD5 b8c6df5be77377528b1502778dc3d060
SHA1 04e7dc9514fd58396b8766542aa3b3764fb1aa16
SHA256 6707f667fabd17f4f3d5bf5efbb0f2bd63a796840b13fe197f69034a0a258d94
SHA512 80b9ce50344b6ddf53ac82ef38e04b7d9c9a69de4e99c313ff648599d071e94b8219bc9dc3ab48b7a825c54f758d253e0b34d4a6fc31e33e1adefb7ecc00c258

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\node_modules\debug\src\browser.js

MD5 20bd9fad97b79a0a28e550ade5cd3ab3
SHA1 e63a38b9e85d1d86dea2e02c6f885fa001b49d34
SHA256 4e3dc6d0e1db58a0d74206b443f35582d3b717be56a0f6d030c34af6c2ad9f62
SHA512 6905ed5f21c03abb872232b8356cd40ef3a8d095e2b944049563f87b006a4d480d7b4f5b58005f5d5265ab8a08ff0e3861fe342da060e5b73e45472391d3d47b

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\supports-hyperlinks\node_modules\supports-color\license

MD5 915042b5df33c31a6db2b37eadaa00e3
SHA1 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c
SHA256 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0
SHA512 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\socket.io-parser\node_modules\debug\README.md

MD5 44d6d103f294667967e0975107c50e59
SHA1 86a542a5178a95047aab606b0605cd8d56e7053c
SHA256 27542cdec68da894345048dd553144e12764fb1f1c33e602bec276d7a50c56a3
SHA512 dd8222e2ed98720c4ce9018d0c464319c9468224d902e61c2b41c978a680eb9dc01d2094d8513868fa653f7a9b235ad9f9aa26e6d12a2399d5c7e4384f0aa381

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\demos\iojs_tests\tests\modules\1.0\exactExports\test.js

MD5 a2af663dda238850bd19d1413ce63b24
SHA1 894adb4db5a1cce69467d87d3e92b77c0dad63b7
SHA256 fa23f6deac8cc740605194f63a38e6f17b647ba03e9d40b1fe2f7f6affb3fc79
SHA512 dd62b77f17717fbe17c922174fc96b8df9b5b0e077513c6fb4193b5e07118aefcc8ac1f31e7c3526ba32dfff44526d9a2ba3d35c7e28e4de46b8ba72e42fd718

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@webassemblyjs\helper-buffer\LICENSE

MD5 c617241c1319a73d00c000b37772e818
SHA1 4c69ebd5d7bcc1792fbaa02403650ba16b00832f
SHA256 6d651b5b749b483278531be91623014bdfc12951278a33d6e43477db60a620ef
SHA512 07529d52ed9bcfa4a18650b5381a14b2e448028c9600375429f692f3c2e78fd08cfc3c6d6f4a3a278c6b43b6b8196ef1b8b8124cebc03d6a57e335d695ee355a

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\node_modules\debug\LICENSE

MD5 d85a365580888e9ee0a01fb53e8e9bf0
SHA1 59e43165aeefdfe28d5e497a0aaef79d6d622af0
SHA256 3a61c6c96caf5c1d9b623fb9b04c822b783dfcb78aa7e49c76a3f643e6ed7f95
SHA512 3489ec3783403daa899ec5bd89d8d23a7386ab2cea6243ccccb23d2cd7a69c735f2852d66a6c3571d22a7bf724823173c8c115c4e49b9120331638145e3dc058

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\https-proxy-agent\node_modules\debug\src\node.js

MD5 6e63fda079262f01e14f03bdf77146c0
SHA1 481608e3c95722f3a474336e5b777a6a521e76f9
SHA256 f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559
SHA512 3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\regedit\node_modules\debug\src\index.js

MD5 d6c53f5a0dd8f256d91210ad530a2f3e
SHA1 0f4ce3b10eff761f099ac75593f7e05b149ae695
SHA256 aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3
SHA512 4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\socket.io-parser\node_modules\debug\src\common.js

MD5 28e94a3cc7d081498bea5ced383038f6
SHA1 c9707394c09387b56864a8865158d29fd307774a
SHA256 c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37
SHA512 5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\resolver\foo.js

MD5 0c1d9e1731bb3d71b0b7a15695bfab14
SHA1 db311f33466c97593aa59411fcfd87e8489d8f50
SHA256 6e66e366f0aefb84ad8110afcd9b2245702c643c831edf8316ff048fec739d2e
SHA512 45e19626ce38abfafe540dd1b108ef171a927b97bfa75fd3943f5f2670e2db6e58af7a33fd3caf0a75fb0e8fac0961928627b9abc743234de97c320b7dd09918

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\https-proxy-agent\node_modules\debug\package.json

MD5 2630a1ac039c8970c8fb0daf0f2f03c4
SHA1 ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7
SHA256 754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb
SHA512 a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\blessed-contrib\node_modules\chalk\license

MD5 a12ebca0510a773644101a99a867d210
SHA1 0c94f137f6e0536db8cb2622a9dc84253b91b90c
SHA256 6fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c
SHA512 ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\tunnel\test\keys\client1.cnf

MD5 05ed3e192dc805c6abb64ac63489aa51
SHA1 9aa30cdb479b144b71cc7b4a30c3cb53c905492a
SHA256 b0d7be40a4cf3eed9985857f17c8751799b1451d3848d91ef3ab68c5b4d4be71
SHA512 3f0e0489a703d32e8aaf5a33eb14747288a3867c56b6f493da92199c7981cb35c8649fedcecea83e427faa5de71663a5844ce01597859f7820ea728426ecb43b

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@types\eslint\LICENSE

MD5 d4a904ca135bb7bc912156fee12726f0
SHA1 689ec0681815ecc32bee639c68e7740add7bd301
SHA256 c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383
SHA512 1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\chownr\LICENSE

MD5 82703a69f6d7411dde679954c2fd9dca
SHA1 bb408e929caeb1731945b2ba54bc337edb87cc66
SHA256 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b
SHA512 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\domutils\LICENSE

MD5 d5b9cb3bc7f6ffd7bea8661f30447c11
SHA1 a4b5765e26b195e972e961e2c241a54eff51dafb
SHA256 cb992345949ccd6e8394b2cd6c465f7b897c864f845937dbf64e8997f389e164
SHA512 ea3679d79a1a7161ff68dd4265d7e89b9ee2bfff4f32d8da4802692d6fdc5c1706ff9edd5dce36ad4e88f7aa5f76061cf4cc8794a010efbf39b5bcb1ef08a550

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\map-stream\.npmignore

MD5 3aa88e1b4178e1364504595cf52245d4
SHA1 ce6ec6945a433dabf9df0dab82f65f8bbca4feba
SHA256 a1cd9589c07a23e3a67e8c6017e10a46d26085a85c7b55dee70192c788b1d1f8
SHA512 fe5a4c0a22148adead4acc911203a9299515cc0c65a5ec1969e7ede69cbe7152a7ff6a52efac98c460a17844fc9ebea6676b2161c5b1febb501463ae5a120f76

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\nopt\.npmignore

MD5 3d10912d07e7bc8cd7d2faea51adb2d8
SHA1 8b894ec0b3bbc33011392ad9bafeb1df2634db45
SHA256 16d30e4462189fb14dd611bdb708c510630c576a1f35b9383e89a4352da36c97
SHA512 8d609d64d4e3f7b92e6cb047b2c416902f59f67b716cfc1b030ff4a745f78e2cb65caab8fa38d39cf28e3997fe35ccc24c2e6b1c02de7a39e821467bdee70561

C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\LICENSE

MD5 95a881ed5cb29fc8a0fa0356525f30ac
SHA1 3bebb9ba92e45dd02a0512e144f6a46b14a9b8ab
SHA256 9068a8782d2fb4c6e432cfa25334efa56f722822180570802bf86e71b6003b1e
SHA512 e2bad52e4e244a06f50bd64fcefa7c942febfac5a814c71095106fd3be64634b8381895d4cce884fbe3b2c20043ce210e6322b135b1b9fb2965bd4ae7a57ba8c

C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe

MD5 277e355779ec68ad1ac62b27ad3a6294
SHA1 88b4a2b54c9b96dbb99d5d011a88bb8cdbf8cf95
SHA256 0e35a0aea113abe09c19a7a07b20266f2cfab0def910ec1ba86394e7ed8559b7
SHA512 78a769e1012c47c167e6eed73a34b765ff97c931d621e1c7582fcde7ded904ef37e38cee81cc5c641db4a29f819033d6f8a0d389ec52ee52f8f188919cc8d140