Analysis Overview
SHA256
8a53b1e0c787619cc646f9c37e2ccee0e20c1a9e65dece4e79891f6a0fcdb573
Threat Level: Likely malicious
The file dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (154) files with added filename extension
Sets file execution options in registry
Modifies Installed Components in the registry
Enumerates connected drives
Drops file in System32 directory
Registers COM server for autorun
Drops file in Program Files directory
Loads dropped DLL
Executes dropped EXE
Drops file in Windows directory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 23:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 23:51
Reported
2024-06-10 23:54
Platform
win11-20240508-en
Max time kernel
144s
Max time network
152s
Command Line
Signatures
Renames multiple (154) files with added filename extension
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\Version = "6,0,3,0" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\Version = "6,0,3,0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\StubPath = "msiexec /fou {5E73C3C5-02C5-4CF3-8916-F16E61D262A7} /qn" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{623BA780-9CCC-43D7-8C6C-37DFC95BB35B}\ = "DCP Worker 6.0.3.0" | C:\Windows\system32\msiexec.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DistributiveUpdate.exe | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DistributiveUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\dcp-screensaver.scr | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\dependencies\SystemRuntimeModule.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\yargs\build\lib\utils\set-blocking.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\GY.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\browserify-aes\modes\ctr.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\WebpackOptionsApply.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\secp256k1\src\secp256k1\src\field_5x52_asm_impl.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\iconv-lite\encodings\dbcs-codec.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\TM.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\json-schema-traverse\.eslintrc.yml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\nonstring.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ajv\lib\keyword.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\tar\node_modules\yallist\iterator.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@jridgewell\set-array\dist\types\set-array.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\NZ.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\css-gradients.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\cliui\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_baseMergeDeep.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\undici-types\header.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\neo-async\groupBySeries.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\p-limit\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ethereumjs-util\dist.browser\address.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\yargs\locales\ru.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\socket.io-client\build\cjs\contrib\backo2.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\wrapperReverse.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\regions\WS.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\events\.github\FUNDING.yml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\.bin\semver.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\isobject\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\toArray.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_toSource.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\secp256k1\prebuilds\linux-x64\node.napi.glibc.node | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\isObject.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ajv\scripts\publish-built-version | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\type-fest\source\conditional-except.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\jest-worker\node_modules\supports-color\license | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\keccak\src\libkeccak-64\KeccakSpongeWidth1600.h | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\iteratee.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\tabindex-attr.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\node-pre-gyp\lib\build.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\runtime\EnsureChunkRuntimeModule.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\.bin\atob.cmd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\lib\dependencies\HarmonyExportSpecifierDependency.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\_mapCacheSet.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\socket.io-client\build\esm-debug\manager.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@jridgewell\sourcemap-codec\dist\types\sourcemap-codec.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ethereum-cryptography\pure\hdkey.js.map | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\dnssec.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\wrapperLodash.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\ws\lib\validation.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\hash-base\node_modules\readable-stream\readable-browser.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\polyfill-crypto.getrandomvalues\index.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\htmlparser2\node_modules\readable-stream\README.md | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\gl-matrix\bower.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sw.dll | C:\Windows\Installer\MSI5561.tmp | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\neo-async\reduceRight.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack-sources\lib\Source.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\reference\CommonJS Modules-2.0-draft-8.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@types\eslint\rules\best-practices.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\resolver\false_main\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\build\esm-debug\contrib\yeast.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\string-width\index.d.ts | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\caniuse-lite\data\features\wasm-reference-types.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\clone-deep\package.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\lodash\fp\hasIn.js | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI39E9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI94B0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{5E73C3C5-02C5-4CF3-8916-F16E61D262A7} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFB719B806EFDEC7D1.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2B9F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5561.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9346.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e581e22.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e581e22.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFC4B636207C53C0CD.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\ProductIcon.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF05A50B3B8250A656.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2F1B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\ProductIcon.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9422.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9935.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF7327BC3D3F8800D9.TMP | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000c993a456edcb2280000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000c993a450000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000c993a45000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d0c993a45000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000c993a4500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\System32\\dcp-screensaver.scr" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\ScreenSaveActive = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut = "60" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5CB5A27-A170-432B-902E-150EDDBBB1CF}\ProxyStubClsid32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E605C9-890D-4FBF-89A0-4A0851B304DF}\NumMethods\ = "23" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FD0ECCD-6BCA-420D-9A0D-A4F5D8DF0838}\NumMethods\ = "11" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C978491-79DA-4CB7-A09D-C74E814857E8} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E73F82EB-2875-4C0F-931B-4D97566E9536} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED}\NumMethods | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4}\ = "ICredentialDialog" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C978491-79DA-4CB7-A09D-C74E814857E8}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CEEB9852-3DF2-4148-B9EF-256BCA748A57}\ProxyStubClsid32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A4EB4CB-6E0C-4D0C-A97F-CD08B6AAA13C}\ = "Google Update Process Launcher Class" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A403E53E-EF45-49FD-ACFE-2865E7A66624}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{73AAEC8A-6C30-4AF6-AE2A-3ECA2B2D803B}\NumMethods | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{16F6D3AE-4D0A-4EA2-AFB8-16EEC55B90FD} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A403E53E-EF45-49FD-ACFE-2865E7A66624}\NumMethods | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4} | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C978491-79DA-4CB7-A09D-C74E814857E8}\ProxyStubClsid32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoCreateAsync.1.0\CLSID | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18} | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8617C958-0795-4AEF-8BD7-468CAA7D895A}\NumMethods | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2FD0ECCD-6BCA-420D-9A0D-A4F5D8DF0838}\NumMethods | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E73F82EB-2875-4C0F-931B-4D97566E9536}\NumMethods\ = "41" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C34845D-1CD9-4223-AC11-13320F38EAD4} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.Update3COMClassService\CurVer\ = "DistributiveUpdate.Update3COMClassService.1.0" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5CB5A27-A170-432B-902E-150EDDBBB1CF} | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A403E53E-EF45-49FD-ACFE-2865E7A66624}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F34AD5DB-3637-4CE3-A02F-829C91EE5BF4}\NumMethods | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0665F70A-EBB3-48E5-B79B-3D6F86055041} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B659A62-B4A2-4A4A-81F2-D9FDC4613249}\ = "IAppWeb" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27B5B33F-D14A-4529-8F26-3E907F5C4A89}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A87A96F-4081-4F5F-84AE-B329561D98E4}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.Update3WebMachineFallback.1.0 | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD8B755E-A69A-4E81-A36A-523A6D5CB7F0}\ = "Update3COMClass" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED25BB16-6A6E-45CA-8749-5CED3C800904}\NumMethods\ = "4" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B659A62-B4A2-4A4A-81F2-D9FDC4613249}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48AE3506-23F9-4DAC-B497-476CC583235E}\NumMethods | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BA6FF32-B911-4935-A40F-CCC1A53B9D94}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D84FF18D-48F9-4064-8698-B2C2A329EF4B} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoCreateAsync.1.0\ = "CoCreateAsync" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoreMachineClass\CLSID | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B839611-5B50-4910-99CC-C004B7FA8D0B}\Elevation\IconReference = "@C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\goopdate.dll,-1004" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9FF1873-1A0B-4F40-9D63-2BAFFFF08680}\Elevation\IconReference = "@C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\goopdate.dll,-1004" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3AA02BE4-4159-425C-AC0D-F379C958D76E} | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.CoreClass | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11880163-C9E5-479C-93DB-DF4AC84EDF18}\InprocServer32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4} | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E605C9-890D-4FBF-89A0-4A0851B304DF}\ProxyStubClsid32\ = "{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.Update3WebMachine\CLSID | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C0A62FE8-C7D8-48BD-97AC-257C6D03A498}\InProcServer32\ = "C:\\Program Files (x86)\\Distributive\\Update\\1.3.99.0\\psmachine_64.dll" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D5CB5A27-A170-432B-902E-150EDDBBB1CF}\NumMethods\ = "16" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6AF5D414-E02C-4047-A448-46F7F6785AA4}\NumMethods | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36D4B3CB-05A5-483D-B904-45FBCE5D19CB}\ProgID\ = "DistributiveUpdate.Update3WebMachineFallback.1.0" | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48AE3506-23F9-4DAC-B497-476CC583235E}\NumMethods\ = "43" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA560363-C9EE-48F9-A0D5-C42A9AADECED}\NumMethods\ = "41" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\DistributiveUpdate.exe | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CEEB9852-3DF2-4148-B9EF-256BCA748A57} | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C34845D-1CD9-4223-AC11-13320F38EAD4}\NumMethods\ = "5" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000CF995-AD74-4D60-BD66-3DDCB6AC2222}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E73F82EB-2875-4C0F-931B-4D97566E9536}\NumMethods | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DistributiveUpdate.OnDemandCOMClassSvc\CLSID | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15CE973A-ECA9-4EE3-8A87-31E03541D200}\ = "IProcessLauncher" | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27B5B33F-D14A-4529-8F26-3E907F5C4A89}\ProxyStubClsid32 | C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\dcp-worker-6.0.3.0-windows-x64-8a53b1e0c7.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BD8DFA545F0FD2F9BD13FA7797F14E8D
C:\Windows\Installer\MSI5561.tmp
"C:\Windows\Installer\MSI5561.tmp" /install "runtime=true&needsadmin=True&usagestats=1" /installsource enterprisemsi /silent
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe
"C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe" /install "runtime=true&needsadmin=True&usagestats=1" /installsource enterprisemsi /silent
C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe
"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /regsvc
C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe
"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /regserver
C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Distributive\Update\1.3.99.0\DistributiveUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe
"C:\Program Files (x86)\Distributive\Update\DistributiveUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy45OS4wIiBzaGVsbF92ZXJzaW9uPSIxLjMuOTkuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntFMzQzM0JGMi1ERDMzLTQ0NEUtODVGMi03NEMwQzc4MUY1NDZ9IiB1c2VyaWQ9Ins5Q0JGQTQ2My04OTczLTQ4QUItOURENi02M0JFMkY1MTYyRkR9IiBpbnN0YWxsc291cmNlPSJlbnRlcnByaXNlbXNpIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins5MUFFREMyQS1FNTEzLTREREMtQTdFNy0yNTUwRThDRjc3RUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjgiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7QjM1MTk3MTAtNEQ2Qi00OTkzLUI0QTUtOEFDNEQyRDQ5MzhCfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjk5LjAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNzA0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4626586F2BE33355290204C8FB78B700 E Global\MSI0000
C:\Program Files\Distributive\DCP\dcp-configurator.exe
"C:\Program Files\Distributive\DCP\dcp-configurator.exe" --set "" "" "C:\Program Files\Distributive\DCP\\"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Distributive\DCP\dcp-supervisor-setup.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\dcp-client\dcp-config\worker" /v defaultPaymentAddress 2>nul
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Distributive\DCP\dcp-client\dcp-config\worker" /v defaultPaymentAddress
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\keystore\default" /v id 2>nul
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Distributive\DCP\keystore\default" /v id
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c call dcp-supervisor-keystore.bat 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\Software\Distributive\DCP\v8" /v "options" 2>nul
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Distributive\DCP\v8" /v "options"
C:\Program Files\Distributive\DCP\node.exe
".\node.exe" "dcp-supervisor\keystore.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | updates.distributive.network | udp |
| US | 8.8.8.8:53 | updates.distributive.network | udp |
| US | 8.8.8.8:53 | updates.distributive.network | udp |
Files
\??\Volume{453a990c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3aaf74f4-c398-4cd7-ae7e-de56051c0350}_OnDiskSnapshotProp
| MD5 | 503eb848a4a9d54ae9d16616f5429957 |
| SHA1 | 5984c3bea484e7620bd8b22d021643c99cc72af0 |
| SHA256 | 445a6a45ea5f1a569d0098acf48484d2d84847db4ec97f5c48740698b0e76afe |
| SHA512 | 09ebaf2427ac8614e9a1592568c33aa69cf143bc626ae39dd39afeb4856540e1aecaaa6bde235e1588f8332bfa353dfbb1561a43352bbae40c84784acd5dae26 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 3e569948c14aff34a670f0f3f384040d |
| SHA1 | 65266de10390183a25781a85cd0c67048bc8b252 |
| SHA256 | d4cba0b3d5f6e7a475e7bce61824e1eb66450b4357017336b04a89429553d0ed |
| SHA512 | bcf40cc67914f880b34bc220c7fb5c18571fdf93d075f08edaa1f68f50d3d695da0f75917f345eabd57ea366990b2652773d424d208f6aa61eeed2e15977124e |
C:\Windows\Installer\MSI2F1B.tmp
| MD5 | 93394d2866590fb66759f5f0263453f2 |
| SHA1 | 2f0903d4b21a0231add1b4cd02e25c7c4974da84 |
| SHA256 | 5c29b8255ace0cd94c066c528c8ad04f0f45eba12fcf94da7b9ca1b64ad4288b |
| SHA512 | f2033997b7622bd7cd6f30fca676ab02ecf6c732bd44e43358e4857b2cf5b227a5aa6bbbf2828c69dd902cbcc6ff983306787a46104ca000187f0cba3743c622 |
C:\Windows\Installer\MSI5561.tmp
| MD5 | a14a87e0e3676dd8fa3ab67f6fb61cd2 |
| SHA1 | dce5635baab073c9a11fca5c00a2e001d9c21f6f |
| SHA256 | f8dc4300eb81f343f586bc52a50b600b45d1b7e54b73fb522525db2ae303558b |
| SHA512 | 5b2c8f07281966ceb13eac129a6cf4cf89ed558cbe8a9f3d3b48fd1f054b4fda48d164336cf7e43189e753ff7851b9043d81b7259a8dac214948d8fe02c216af |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdate.exe
| MD5 | 60d3870900fd35e8daf5966ce006cda7 |
| SHA1 | 877169685f0a855144908793d10b4134808ca441 |
| SHA256 | 9bb52ce0fb2aefad058930790eaf50da3476cd5a749d87b00c3e0882a20aa453 |
| SHA512 | 239b6fa51d9f0668d9da9d6ec0b0bbdbd39bbd8fe06055f55b2ac8d13c804a65beb85bee11f9d4e53280344fa185892da1eab96a838a3a705ef0e747e4257c3f |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdate.dll
| MD5 | eb17ccd15d1d64904e9ac4c9c91292ca |
| SHA1 | f80b3b91b19d78d3995fee25cb9f5fbe175654bd |
| SHA256 | 34a20e85130132ffe5e47896539977d3d17467dd527040cb5be659605d5945ed |
| SHA512 | 14adda4a08a7894776a7cab44c852be5de2bd52f4a2b9184124ac928762363992612fdfcffbea19b361b8d720266654c4464f2b5ef76db6aa40ba4da1816e51c |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_en.dll
| MD5 | 097c46068d821485a554c2d3df3a69a0 |
| SHA1 | d272f5b7fb80963b605fbe9a2954edf5741e3ddb |
| SHA256 | 0df34914d438bd2d2408f7c1efb3bc5e40a4f74b1864de9e88f4a18ca612b5e8 |
| SHA512 | 83aa23a758ecc6aeba0b10fbcfe327901b0f4ddd03988b4fe814f5c48a8ad2cd641ee0c13d452d25216cd60a40e4a5668d8ac65c1770d3d3d1cc310e88aed066 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdateCore.exe
| MD5 | ce5c61b614321bb5a3cb04c91d279806 |
| SHA1 | bf990b1e7687d9cffbbaacd1fa44b14bcb48a6e7 |
| SHA256 | de62b279f331e18ea9174710c2e0935ee071f1920ddca535a143611e50aec492 |
| SHA512 | 89c95ca002809ebabda0e770bcbe1763b1f1417d894fe58dcdb8b057a9a4ac52c8342f242d644fe9049862742099d1250575f0fd5d6e946801543d73306cf6a3 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_el.dll
| MD5 | 5664568f0cb8a5bfdbde3c290c9e8f8d |
| SHA1 | 27dd1d667db5011e1d75d76c20b13203717f8082 |
| SHA256 | fbafaefccd5c8c94b1b18cdc1c606710719a67c89d6674dd42ea07e7a58c65c4 |
| SHA512 | b537c6d4346abdfebf204ccab6b4d80fd5de1c0a2625322b4e773b0c0284b8d0372a606b529e7f3433bd4ce6c2676c7db1703f9e515d14bfc85316380a8b7354 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_en-GB.dll
| MD5 | cfe541c7e363602e714040cdb550843e |
| SHA1 | 85634e523fcb1008adb789904eb52af945207369 |
| SHA256 | 5629113ca8ef5abdd610c4505cf1417a3fa6d951788a852672cba57c774bd6b3 |
| SHA512 | d00084f155bd9163edcf4f13192d17f034c1b478c9e5ed002c699db85342d7cc207cd2fd3a3a359638103c7ab221e3fb195137d31ae23445f906b65605038ec5 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_de.dll
| MD5 | 38db93a526841ceebfb6220423da362d |
| SHA1 | 6c27b5f592329e7ab4c6df91ba07d2048a604ae6 |
| SHA256 | 1f493449ccf7664cda6b723e60f79ddb0513f13c3e531e5229bcacb6acf59bea |
| SHA512 | b5914bd7407b6afe2a66eda038c5f207b1b8f67984124692214f564e135fb6da8f629867339f8c4d7c390c0ce1bfc27aabec81025e70f7edb400dac1ef1df21b |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_da.dll
| MD5 | 3bd1a87c818b007a7b349cf46023df8a |
| SHA1 | 62a4de61ad01ef75907c47dfd6a77a226e955042 |
| SHA256 | ed55e02334dd4f8e85612997f49ebcb23d43c449599ae129bedb78b96f06af3f |
| SHA512 | 3323d459b3a6f6699705a7d3aacb0bec32d7fa47f4cfc74ad8b242cfb7cab9af0463f232bad26795bdce4681708b5f9d233afc8a490df1b2cf66af4fe1a57a18 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_cs.dll
| MD5 | 797ed39702f719e43d8ef6a6baed8a57 |
| SHA1 | 022e54f0058b4cf0849ac952936a213f4c6ceb31 |
| SHA256 | 3de8b7e9742fb7d2c9d28bb5cd8f9fc2d194201d4b31a9fde06809189f3d0871 |
| SHA512 | 5155e0f216f7139ae59478caa7eab2ceb94f3b27bc8c4d8d3ba8699d1e2e6906c1d8b5a8567736b53e01c79da75f70ed74e3f843a024fa944493b4919365f48c |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ca.dll
| MD5 | ad8963cfd3a98edb2f78851d77afed3d |
| SHA1 | 617dc8fd40cc62af276558dcb6be62ec22319721 |
| SHA256 | bc1cafa869af022312a666646fe4a01a44244a6e03dc1f70f6027f44fa7447b4 |
| SHA512 | c49721f43d7e73b1fdbc990da7e1ef0cb746b524b16b85b65aef1ace681c2f7a36697f57f4168a50408d2f3f3eb4d70c9293dd5e5257db0fdd14f088ec2d9aa0 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_bn.dll
| MD5 | 555ed1a7c9bb55a39da534833a722989 |
| SHA1 | 225d3a7fdf7726bd06b6246dad98f5c53fa009ed |
| SHA256 | cd5ea9a9bc626629b999f0c8c93c2f851e85ec18945f0514be7903399a3ac7d0 |
| SHA512 | fc959e2800e1596c0c8ea00789d0a3d96ccf06ea23efce928a429931f19a9d6d8545c6b57a2280c2d755e712a114493603659179999edc160925e8d07e041a2d |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_bg.dll
| MD5 | 41cfe56780117253d083ecc71e1f8ad4 |
| SHA1 | 138a6107efc05ff5802b0a734c817cf945d6dc39 |
| SHA256 | 669e3bcbb20871a0c5b02f4ca31bec1733abeea947c9bcf5414eb8380f7d18a7 |
| SHA512 | 3665b4c2cac54db5f11c738621fbf454672c0f0b94320d48b88adbd3cadf83215d5733b58eade9f09517088ea0da432547b2f1d4d3580c37511c11b10d93e8bd |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ar.dll
| MD5 | bdcccdb5d1271f513489822d9fd4e57e |
| SHA1 | 6a4b60ab3c9d7d0afa756e43772220f617fdb33d |
| SHA256 | ca24a9dc26c48c9042713c3ef4ecd262c3cf45e054d1e23ec6c62171e4880bd0 |
| SHA512 | e6f0cf4d7bf98667faa96be55b08a7f951971844252524642777e3d551a22b2659620ac81f80cd72871c0f6746cfcdae519a5ad961feda36b66f74e7b163da13 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_am.dll
| MD5 | c6f7c280f2939fffbab6a14bb1b4fb5c |
| SHA1 | 03ee0a4fb2c9657ad06ad9c6476d98fda619d97c |
| SHA256 | a0c714ca4f3f21e9da84f7e443ff4f286f756997a4bd10473957ab08720d3f8a |
| SHA512 | 5fe938cdc33c94d2dbf8083da2c1af60dccfe376df66fd841407963b58b4b912f3d6367896d76902dce96731d1d6a1de22d8d7938bd0dd0807c91c596470492d |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveUpdateComRegisterShell64.exe
| MD5 | fce3633181279f9515ce26b656da02bc |
| SHA1 | 50c9b881051487466063892518727154524c6eba |
| SHA256 | 1687d1c080ad85104ee122e99ecf8022cbca750875aa5d87f41b25e148c9f70d |
| SHA512 | df48cbf7a5e76ee9d296084ae9139962b1c576bc243214f9718fc90b6f9b4d2cee0865ba13d90b2d9756055d212fa5d9816755abef31115626fefdee622a03e0 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveCrashHandler64.exe
| MD5 | 3c15413c7b5e8b8185576fb9ff43b960 |
| SHA1 | aef99c7a77999c49a6beabc610c2cab219581484 |
| SHA256 | 5eae3a3570ed2c34a4be01a4e661e743cc455d89c14aa5edd4f05bf16cdb4509 |
| SHA512 | 423a71414d5cfeaf24754f85c1231f5a3c2f65a85f13cca7d55edcefd04eda1e71b11269f3005a2b945cabb9850b1169e44b5319e9e2110cc0674c872e3da25b |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\DistributiveCrashHandler.exe
| MD5 | 594300d1cc95b4e44b6c040e57d824de |
| SHA1 | b1916f714dc1fb47b11138fc191635c17209cc8e |
| SHA256 | 3d6152060f3b0f656b853496ad81d3608ed4e4562591670dfbded8f866ef93aa |
| SHA512 | 65dfc4a6276d6cc16148d61b16cc2ecb8c42722ba06d51c7c7ea3a053190356d5fa7a58fca5c45533390a6a5107718fc3f1790dae5f9850d8bc0d905c820fa05 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_iw.dll
| MD5 | 1150aacc8443e7669a704b9e5057e593 |
| SHA1 | 83afcb47d597b7a8f45865ee5978c935c37e9b09 |
| SHA256 | 203922a7782537b382dfffafc2e8dea16e5d0988ed4008efc1d5822080844173 |
| SHA512 | cef3e0a90713fae37ebdf7d92aa3f066d21aa28f58ddad19dd3a382ed8b8f1e2844d08be6c1551ab4808b1a96993fa005768867bed8bb462d70d1b73aaf3af3e |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_kn.dll
| MD5 | 38dc185feedf909eb80d2289b5a00456 |
| SHA1 | aca01b54beba723dad3617f5409f5af426315785 |
| SHA256 | 3fb98a41857aa34fe7af3e76c71c77c7d76acac2597a85c318cd7e0a5ec4888d |
| SHA512 | f046b131cca0e130cb8fda392884cbe47f88bf7029045a1db6ee398ffb9433ceba46410920e7bce7faf4d055c86cf405637c9e62be718c7ec1c7ccd6cf6f1aae |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ja.dll
| MD5 | 6dd4e839124042a0cc403f1de1fe3916 |
| SHA1 | 2b9e673529fc3c747733d8e4f373169ca90ce903 |
| SHA256 | 88b1ae891d335b6b42c01117ab80a21d882fd006c40f2336495dbd484df2e0bc |
| SHA512 | ac80e1f454c7a5901671e95dfe29ac9f5ee41f91b0d263516807f1346207145396630a2678902e101b7e69666516360c98a1d3f34914bb0ae05d8ddb3cfae630 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_te.dll
| MD5 | d16bf7d131f25276f4dbc3b0b65afcc3 |
| SHA1 | 4ea64211a55cfe0a0ac75c9be382a29ba2e4c1c6 |
| SHA256 | f885d8d3cf60219fb8c1bc526ef2e8cd049502a7b1ed4145e22adbbbe5f3f364 |
| SHA512 | 043a670badd9672e0847f1ae473f9bc014955fdaf18f1377a9a1f3b6b23b0b4f338c271f0d43f826f4a5fe2e03edaf7c20849d91033ca5066af5025a7818b97b |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ta.dll
| MD5 | 20afb56746e30d5a9e94bbf21d9ee3ce |
| SHA1 | 6ffead19533b4473a9cd18d91205d42831fa4cfc |
| SHA256 | 5441a3d2806855824885f89d36644bf71441f333e63f00a00f0820a45b9a50e1 |
| SHA512 | ebc146888750a7b3341aec6e678e0a605b4b902242424be78595bf5371cf57ebb0b2554bd89a07b649e2076f15f838a11c5f00f9362f61c724e5e20d59542feb |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sw.dll
| MD5 | dfedc30b777104d514922fec531e496f |
| SHA1 | 8758310f2c06a54995610262ad2947bc96105cff |
| SHA256 | 6ffd9e40238c46458d5285519d7fe1d6e8df14d744c488f19a65bf5b0b7cd68e |
| SHA512 | 77b8501c3394540724c980cfec27817cefabfea002db3df1f2cf4b52df3c1c08d7c33ecaa4e48bae2a4b94e3d3df6435c0ede94ff31bafe7251a26b8f8ab656d |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sv.dll
| MD5 | 03ca635d7e3c35b94d232ad66e785c26 |
| SHA1 | 75a11d2c74614187a69d7afd3fbee0823f397966 |
| SHA256 | d7fb94e6a9d96235f6d8940a1f4c209f02cc11b8497fc44d2b3cb525ea1ba53b |
| SHA512 | ef6d362598cea2891b1246a4dda996139393f4b304724b8ebc7398988ccef3cc6c2c828a946fd437cf579854ebf1083837c1d26f6c59372c583bd3e10860bceb |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sr.dll
| MD5 | 3ad69a41f6ebab0f900d8443cdceafbc |
| SHA1 | e88c94a3917bdd0cdc6660a40b4cb83e18c15a1c |
| SHA256 | d7ce1de5204234f590e73d390fa8c83abb173db2f67f14370920469a2b4f76c0 |
| SHA512 | fa461c3acefbf15f2031fe7739cffca83e4aba8806d94fe26e053c136c0f1f60e9ccd597975d58fb9c7ff9b9dcca943a01a34924c0f46df4eed999516ed8c59f |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sl.dll
| MD5 | dc4d6deae888b66a16e9c6b9b0627ae3 |
| SHA1 | 55169115de150c4e0423387077aac7a39e2be579 |
| SHA256 | 4e0d9b696fd050c953264d003bda306aa75c47df8b91ebd2803d08a3e96b1807 |
| SHA512 | fd9654fae0a28e5b715416fe83a5db5af0381aa41dd2c2c678a27b59e4d1ad3205f5bb85e979068773178b9836229586096a542f3f642fcb1a37f7184b5fa0ff |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_sk.dll
| MD5 | 88f73b214e0bc2a133201883944aa26b |
| SHA1 | 92d85159b889ad29805fb8692a85e645c1068422 |
| SHA256 | 26fdefffcf5a603418a95295bf31a99bb0022b9a404d3d9da851ec0227da7634 |
| SHA512 | ccbd78e70ae574409478a8aeacd8a62d7dbd6d85ffa008b7091a1a4673183fbfce265b8b6f3cd930525cd92ced4e088cceca4c2c010bc87dd872ed284fdd3616 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ru.dll
| MD5 | a0db653f9e370f1e2fe8101de5930238 |
| SHA1 | ffe6903a2274b99f6b474c71045a929f63113242 |
| SHA256 | 504138c172fda433b6ef38f9b99515200cf6d2700c28d150781b082fb6ceb23d |
| SHA512 | 043f93df0d28497703a85dde1b1fdb7a8f97ae10d450460ab2e0decc2fed940df14c9bbe04dfeee7c2d5ef7a1abe08b77f8eaf4fb04c5b67a6dc98b329cbc561 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ro.dll
| MD5 | b5889a4d20545d3c5ea71fcb7733148b |
| SHA1 | bff878fc17fdd7cf00ccbffb951dc2d3d142c7e9 |
| SHA256 | 5de1c6cb9713a14af0089b4f2faf4acd2c3cd2eaf849177d320b7737091857cd |
| SHA512 | d8aed1b1dfbcc6f50a1496a38c7a0dfd4b71455616e9683310ed1e9946a4893e1a7a4380ee08b891c55bde5c0f652143017e5b376cea7ea53e45cecdce0c548e |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_no.dll
| MD5 | 83a8c8af786efbb5f79c9cbbb3800858 |
| SHA1 | ba0733ebd2c4f33edb0dcaba63160d72c535d8ac |
| SHA256 | 3f353bc3d33418e9dc5c31822f49dd31623fde2d426765cc53a9d7392ffd0998 |
| SHA512 | 03d1ae8efbe1037f8a3f795c0a2949217c2b8aa8b7b2aea66963e48d07f46dfdc20e1d81afe5a2f7e5a4fdec3d18ff8dc16bc0451bdef1f0c4510c4a22e67e1b |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_nl.dll
| MD5 | ba8299ea5a159726bcfba7740a883520 |
| SHA1 | 787af1a577fa1ee7ce0f2e740e286bfdef42486e |
| SHA256 | 384218bcafe5f8926dd228dec2180f87fb15f5efe67c3af3f793490e09750ff5 |
| SHA512 | 2679177cb527872c1fb9fdbd6e8f5db43f2422394a4db5ad185776f762f53dde7e45085c0711122d3e9d374d74c7bd6e5bcb433ea6c6dabde8e2e58883eb5f84 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_pt-PT.dll
| MD5 | 71146a21c465b0fcaeb4e6b10ce2aabf |
| SHA1 | 4679c7f7a0c19b37d6e08058fe566c15c2c428c4 |
| SHA256 | 791fcd221a7a281e3bbd48eff27d1cd4e9531553b3e629cc49dba599b284ea3a |
| SHA512 | 24aa5012868c0c8d0f3333d6cec4ebd4c683795cf05ceaa08c0b546db222d1914251664570d2e5abbd8d0947ea46f5c722da9a36f9d5b2276df5c72ad73e84ac |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_pt-BR.dll
| MD5 | b38a8c92361c6774af2db4f0f8563353 |
| SHA1 | 8ad58de8f45f6b5bde14964949bddc9ad941f2fc |
| SHA256 | 4aa5c29cd40d46f87e693a5181013f14ff83e00e830b661e9a0297268f7677df |
| SHA512 | fcd6cb1a8aed0cbbea00f793cda702f40d3f63c2d81b71f6cf8644cec7d6f95d41505c1b1a57e00f08b637b95262f1c1aeec8042d9e47a52e2a266228ce55d8a |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_pl.dll
| MD5 | 16b02f0119dd35bec832c343013b5899 |
| SHA1 | f2e41de38cb10e603eb5c172963ccc3dd0c677de |
| SHA256 | 359d95c1fa5fd48466a12f3c73f0030988a405413de27a7c3216dc66f1bc5bec |
| SHA512 | 953c66e60faf9e34d566676995e17725b73c06397925538b52891a18f2e1f4c6a9566246647c30d23d1ba4639825bda099240293de874ad939bcea9b2b75f9d4 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ms.dll
| MD5 | 9e2c58a21b200dff77ea0c8051b77702 |
| SHA1 | fc5dc409694e3155568aef95ccefca8a9b679cb4 |
| SHA256 | fb5c885d49e5aa448a1cee7098f65f13f64810dc15968d2b42142e97fc888ed9 |
| SHA512 | 7b8b07fc8b2aa452864e9addbfeb69a0c07bbb17673b966b9bbba257c543622a3d104d2be5fb4d24ae022d3b444992b77f3a3b17dd07f7bbbe6a55be3b01ed27 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_mr.dll
| MD5 | b4e8704c34e41fc245c653dd6ef5a34d |
| SHA1 | 604ff01ecb58406468fd13db35fae4be7d26786d |
| SHA256 | 6e2511ee1790c696a81298102dd4591320e6136975545fdcf10faf59aba7b4c2 |
| SHA512 | ae806682693a208f8e490e769279e22c2bc01e3f47cbff50c27674294375374fc3b64c9c5db14d7371d16c7a78320fdf39c21714b9db43eef5262747508ac4de |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ml.dll
| MD5 | c258e236d885a9fcde469adf91aa4980 |
| SHA1 | a28e6d0fb1a845f6a8300b2c119faf8f40960f33 |
| SHA256 | 1621465d4cf71952f5e27e4d27978428440755711ac72d0b51337d726c92268f |
| SHA512 | 7abeec6181b3c3367547927e6e886bdb96729abe8ea45f90fc24ae1422d94bf91d18ef7c532d329832d62a75bef7832e5a82516ea0d10add6f8180640e81139b |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_lv.dll
| MD5 | 8b5d9a154e9cd7e1a66e66c9d46e09e8 |
| SHA1 | 258448c72a8964a2d71c0e3374ba6381d22d66eb |
| SHA256 | 11e12c71f1b00f9c2d400cfbeaf83f9a58578658ffc67c2800c203370783198c |
| SHA512 | 9f31265b17532c233b4c89ff07d2de8c6e3841d73e16f70fa9cda96350d83b98fe1e3bb6dc10eeba009224f7c04746d19feb6c2567008844b274327a48f612ac |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_lt.dll
| MD5 | 0e63adeeda330ae72d5dae05d2ab1879 |
| SHA1 | b989dcfb6cf47ea4969fa5378cf6c3f9632ef0ef |
| SHA256 | ce6a507206bb2109eadabfb2445eadef364b847b517da37bf09cdf3e9dc38cc4 |
| SHA512 | 6b5d0cc8f6218948cac597b544d227ae8cb1ae844f48b5c557b7657644f37e820d29dc95aeb25759b3486f6f86a748536cc3e5d215bb7f21b131eedaf4e4c7de |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_ko.dll
| MD5 | 80098606e566e046ade990ff6431b937 |
| SHA1 | f42910914ebd0d243ba0101b8d8ece7f597623a7 |
| SHA256 | 98c8a8cbf7165369ba724dd96a6dbfb5a1fca7defe103faa517158e77f59306c |
| SHA512 | 8bb5832c87818d13c2e2a7335cfa455c69da87b321ab00c67ec86e6d5cf92e97f732ff314cb4602b6b8a50ecd04381656172f4cce97efe8e2d38cfdd041da152 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_it.dll
| MD5 | 46bee30ae911957b24e9d1dbc404ebb5 |
| SHA1 | bc9882b5e62d1eba5e2449fa3b2305b068b0268c |
| SHA256 | 2572bda09a6eba5c79a588712986e7bf8dd47310ac94dc437aa92d87c574d554 |
| SHA512 | d2f3556613bb69986b9c2a716b18dc303eaa12dfe09c198e8cf1e5f9007f1b5c40d13b750e73157e5239fe619d664be5ac87269f19e30ecf65302c1b0aeeecf9 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_is.dll
| MD5 | 070009daedea4df50f5fbad2c4449ea4 |
| SHA1 | 1f47f4c9e1f6eff7d6cb7cef93263434a0d87833 |
| SHA256 | 43cbefe6e8f803b31f4bef6b569e4a3f06e3794977e186ba63b22d2675ed66f8 |
| SHA512 | 04f1352e36ff9ba2c690520f0402620afbdbaf2600db1af96248481f298adee3d71572e4ba8182b1ad94440aedfa26d364ba3ce262e18f140d073d8b984129d4 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_id.dll
| MD5 | cb17bede0af90f6738385df6af6b8a04 |
| SHA1 | 64956abe8d792361402e63ade8b35ecfb2b94e73 |
| SHA256 | 938924017e3fb404dab6b30f42adf1403f019a4509234bef36cf9019c6af5843 |
| SHA512 | 10974b4bef2492edb9f7721e486ca13f95536d80bf67f55258ab64eeabd3213c25ebce4de6acc9e76c967b588e2ccedab947696c53e46323b5ac6d9638706a68 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_hu.dll
| MD5 | 3cc0bf341be378594ab251acbc89d9c4 |
| SHA1 | 456e4e1def91733ebd5af6d384d1ee03940deeda |
| SHA256 | 5691bf7b83e6d5c83f964ddb50f68fdbd67b749894a378ec5e53af58a89756f2 |
| SHA512 | 45c66cd18662063a9c49e9295fd572fd169ba146d1fd5547e2ec2b290b86528ffb2087cab4ed600fe92d586b1a479da2ac14485dc9225a5d355254c97219e46e |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_hr.dll
| MD5 | 22e9292f6e5cc9540ee07eb87c2b8f8c |
| SHA1 | f762af6ca1aea1f41723d2426b00de3be15f7447 |
| SHA256 | 43e8ed0a6f7bbf21531e7cdca058305c31201206b76f2059561d42dd134e3a16 |
| SHA512 | c5a6119acbf56f9098e46477c09f3f94ce063dfe30115c2a8e3ea0edfeef89929263fa15c8209078493102aa95eac711ec94cd489f69bbac0e3d6d3c510fbc51 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_hi.dll
| MD5 | 522d7f2b8e4976f84c2a68b727914b4b |
| SHA1 | ad543087b4ba70c15ebfb323b8c26e3065f1cd55 |
| SHA256 | fa2eec546eff376cd011812465b39ea3fdb9bc31dc112bb32255fdadab906ca3 |
| SHA512 | 4ef113bf30759c83e129aadb640d61ebe675408035d156ce2065eb9cd3c7be4e369074ab2230ba3f4b711686701bb3c794cf6ce604d98fd3da29f89c204ae163 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_gu.dll
| MD5 | c4e6b57a0226584073586e99cdfa3b50 |
| SHA1 | cd99e6841dcbb1124e9b6f127bdd298e0cad00c1 |
| SHA256 | a6ca3d56e5eec3ea6226582105d0c9fc27adcd988589f45eb2bfb8c02631fb7f |
| SHA512 | 5730076281e2d2f70b5c86355012ef9578ec9593a7c74918a4d16204d78371d48c8881c82d1b1d879ba869ff4174a4e17e294767d837605ad6841fc988fa5f16 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fr.dll
| MD5 | 236b3efa2e86006e2bfb445a4fb1ecb2 |
| SHA1 | cb7fdbba4e586a10c8d9c8648883061d5298cdb0 |
| SHA256 | 4939d0f564fd60c5f8fed45a67ba9f18d0832c125b9a9a98404c8709d8b0c3e4 |
| SHA512 | 208d070c2cb1acd5e7841c0e84659be3a914e00fef0467dbda77018988109b702909919d6a1a500371afec29d093c7f553ca2440513dc733d537102f0ed2bb89 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fil.dll
| MD5 | 1c7fd68b119a0ebc9cc4dc527a915f9f |
| SHA1 | 60e8969ea6253ede57654feca8d28261ea7a6972 |
| SHA256 | 4a33c15ab1a4e0efe23b241ded92418c0e5ac12db6cc0d785800a7f1d93bb728 |
| SHA512 | 66f76e647c9234a3c33739df4990f3af06af39b6d7736d3ee76cb05970d065f656011147c94f6721e7be3bc62738bab24a91caa9489ccef4ba7f26eee661e503 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fi.dll
| MD5 | c2898309e8762751aed67dace77a891a |
| SHA1 | 3ab4944a404c027e592d5898811be1d38a7cb206 |
| SHA256 | c980b289b836b5ceff79007ff5e2297c50d797e4b5ed42263e7f2328d5392679 |
| SHA512 | 7ec9ac4b98b9b8ce03b959d6768fed60b1907c06500f271f4cc128d48473c300da65e4e1af481023447ac76d6120dff753f201dcc6987a42ee9204278bb40bc0 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_fa.dll
| MD5 | 9e04f506c3ab56af93155249e0a3345f |
| SHA1 | cac2db5df0c6a9fd1761079421154d07eccfe018 |
| SHA256 | 77693e4da8140844ce06db9ed1b77998923dfb163ed07a91d94583abc1104290 |
| SHA512 | 58ff51e229c1c3824e526869bbec9475eb2ec9a9aa0591d425616a21d15aa0f435921088b0ff7a9a81b804792aed4dd833bc26d067fa5420ce4065fedcdf3fd2 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_et.dll
| MD5 | c89d4dfa4b02860e57d5cf8f834ac7fb |
| SHA1 | 997b19cb9ce50689847f65ff7c43f26b54057fab |
| SHA256 | 604e8f115462a1d02d702c0fa39c70efd7329d7ea3d9bcbcee4263cf7a177ff8 |
| SHA512 | a9fbb418a62e309039ecfc0557fde57b7896b42356e9f29a74e65069426790bd45aee11124f977546383d1ed677cfefbf52dd3396f7657e61cefbd3ed505a1a9 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_es-419.dll
| MD5 | 9575d43932b581de1656f3f25138bbbd |
| SHA1 | 6074ac514180dbbb07d7c1aa1252691bee7f137e |
| SHA256 | 09e84f614815910038b46b532b18e4f2336c26bfd029ac0b995208a790e2e496 |
| SHA512 | c7405704f158c7f0d9b739547072d3c71ebe3fb41e67f61a30ec4989b08566cf8f1589e62d6d310facd03b6c116338321000a205e7a34fd5a8f2f64808df1122 |
C:\Program Files (x86)\Distributive\Temp\GUM55AD.tmp\goopdateres_es.dll
| MD5 | 9b90f39c6639be7643e944f669d08893 |
| SHA1 | 199ce69dc4c663f501d6141cda0fb731d3cbe173 |
| SHA256 | 04320cbfefe9f7f4a67690c2863c6e2727c793e0c949e6d880ebe828bf1ab5d2 |
| SHA512 | 3e15aa59c197b7279c68dd4d0f02a73e87cd22da1c13ea35dc6e1cc8462cea42570eece4d836c99e88a97146833800026fa6c83e495645e6c32f3b6377caab67 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\schemas\plugins\asset\AssetGeneratorOptions.check.d.ts
| MD5 | 23b2e592650b9f766354c61850bcbf5d |
| SHA1 | 0f44ef1078520b57b55f9be89419cf7b748b4691 |
| SHA256 | 41a7a7ba151074d7866409bc5f8019a021fe26d846995a7d74de151561426f1d |
| SHA512 | 28ffa772e91519893f8d24e57942cee363c15adf59171026dc3322e72580a3014c828586e06d1d81ba0cdd684217560e6a757cdfed26d173ec2383ef3016da6a |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\demos\iojs_tests\tests\modules\2.0\hasOwnProperty\test.js
| MD5 | b8c6df5be77377528b1502778dc3d060 |
| SHA1 | 04e7dc9514fd58396b8766542aa3b3764fb1aa16 |
| SHA256 | 6707f667fabd17f4f3d5bf5efbb0f2bd63a796840b13fe197f69034a0a258d94 |
| SHA512 | 80b9ce50344b6ddf53ac82ef38e04b7d9c9a69de4e99c313ff648599d071e94b8219bc9dc3ab48b7a825c54f758d253e0b34d4a6fc31e33e1adefb7ecc00c258 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\node_modules\debug\src\browser.js
| MD5 | 20bd9fad97b79a0a28e550ade5cd3ab3 |
| SHA1 | e63a38b9e85d1d86dea2e02c6f885fa001b49d34 |
| SHA256 | 4e3dc6d0e1db58a0d74206b443f35582d3b717be56a0f6d030c34af6c2ad9f62 |
| SHA512 | 6905ed5f21c03abb872232b8356cd40ef3a8d095e2b944049563f87b006a4d480d7b4f5b58005f5d5265ab8a08ff0e3861fe342da060e5b73e45472391d3d47b |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\supports-hyperlinks\node_modules\supports-color\license
| MD5 | 915042b5df33c31a6db2b37eadaa00e3 |
| SHA1 | 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c |
| SHA256 | 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0 |
| SHA512 | 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\socket.io-parser\node_modules\debug\README.md
| MD5 | 44d6d103f294667967e0975107c50e59 |
| SHA1 | 86a542a5178a95047aab606b0605cd8d56e7053c |
| SHA256 | 27542cdec68da894345048dd553144e12764fb1f1c33e602bec276d7a50c56a3 |
| SHA512 | dd8222e2ed98720c4ce9018d0c464319c9468224d902e61c2b41c978a680eb9dc01d2094d8513868fa653f7a9b235ad9f9aa26e6d12a2399d5c7e4384f0aa381 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\bravojs\demos\iojs_tests\tests\modules\1.0\exactExports\test.js
| MD5 | a2af663dda238850bd19d1413ce63b24 |
| SHA1 | 894adb4db5a1cce69467d87d3e92b77c0dad63b7 |
| SHA256 | fa23f6deac8cc740605194f63a38e6f17b647ba03e9d40b1fe2f7f6affb3fc79 |
| SHA512 | dd62b77f17717fbe17c922174fc96b8df9b5b0e077513c6fb4193b5e07118aefcc8ac1f31e7c3526ba32dfff44526d9a2ba3d35c7e28e4de46b8ba72e42fd718 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@webassemblyjs\helper-buffer\LICENSE
| MD5 | c617241c1319a73d00c000b37772e818 |
| SHA1 | 4c69ebd5d7bcc1792fbaa02403650ba16b00832f |
| SHA256 | 6d651b5b749b483278531be91623014bdfc12951278a33d6e43477db60a620ef |
| SHA512 | 07529d52ed9bcfa4a18650b5381a14b2e448028c9600375429f692f3c2e78fd08cfc3c6d6f4a3a278c6b43b6b8196ef1b8b8124cebc03d6a57e335d695ee355a |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@kingsds\engine.io-client\node_modules\debug\LICENSE
| MD5 | d85a365580888e9ee0a01fb53e8e9bf0 |
| SHA1 | 59e43165aeefdfe28d5e497a0aaef79d6d622af0 |
| SHA256 | 3a61c6c96caf5c1d9b623fb9b04c822b783dfcb78aa7e49c76a3f643e6ed7f95 |
| SHA512 | 3489ec3783403daa899ec5bd89d8d23a7386ab2cea6243ccccb23d2cd7a69c735f2852d66a6c3571d22a7bf724823173c8c115c4e49b9120331638145e3dc058 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\https-proxy-agent\node_modules\debug\src\node.js
| MD5 | 6e63fda079262f01e14f03bdf77146c0 |
| SHA1 | 481608e3c95722f3a474336e5b777a6a521e76f9 |
| SHA256 | f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559 |
| SHA512 | 3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\regedit\node_modules\debug\src\index.js
| MD5 | d6c53f5a0dd8f256d91210ad530a2f3e |
| SHA1 | 0f4ce3b10eff761f099ac75593f7e05b149ae695 |
| SHA256 | aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3 |
| SHA512 | 4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\socket.io-parser\node_modules\debug\src\common.js
| MD5 | 28e94a3cc7d081498bea5ced383038f6 |
| SHA1 | c9707394c09387b56864a8865158d29fd307774a |
| SHA256 | c65bff44c189188e0c45afdbd9b02c427ff5c6e54b94da53c102fbb7a53f0e37 |
| SHA512 | 5775d4c9b823dc9514488a28f2bfcba990a13defdfc5992e1ffec915ca5e6ec2ba87bddb1cb7f4b772345a14b4041f98a74f7bcc9d9be2a3371e3002c33bbebc |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\resolve\test\resolver\foo.js
| MD5 | 0c1d9e1731bb3d71b0b7a15695bfab14 |
| SHA1 | db311f33466c97593aa59411fcfd87e8489d8f50 |
| SHA256 | 6e66e366f0aefb84ad8110afcd9b2245702c643c831edf8316ff048fec739d2e |
| SHA512 | 45e19626ce38abfafe540dd1b108ef171a927b97bfa75fd3943f5f2670e2db6e58af7a33fd3caf0a75fb0e8fac0961928627b9abc743234de97c320b7dd09918 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\https-proxy-agent\node_modules\debug\package.json
| MD5 | 2630a1ac039c8970c8fb0daf0f2f03c4 |
| SHA1 | ed6fe3dcf77a4c2ddadde904c5b1fc47cf9893c7 |
| SHA256 | 754ba4f352a9b983fbbf93cfffe015d29bc789a08eb05815270abf50902697fb |
| SHA512 | a017d21a1ecb159065bc32b94b38de03b38c10448b85f88bfe1498b144320884d612a868b9db192d6acf041f88da415f953d9dd8541ee29e4053e2463dd54791 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\blessed-contrib\node_modules\chalk\license
| MD5 | a12ebca0510a773644101a99a867d210 |
| SHA1 | 0c94f137f6e0536db8cb2622a9dc84253b91b90c |
| SHA256 | 6fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c |
| SHA512 | ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\tunnel\test\keys\client1.cnf
| MD5 | 05ed3e192dc805c6abb64ac63489aa51 |
| SHA1 | 9aa30cdb479b144b71cc7b4a30c3cb53c905492a |
| SHA256 | b0d7be40a4cf3eed9985857f17c8751799b1451d3848d91ef3ab68c5b4d4be71 |
| SHA512 | 3f0e0489a703d32e8aaf5a33eb14747288a3867c56b6f493da92199c7981cb35c8649fedcecea83e427faa5de71663a5844ce01597859f7820ea728426ecb43b |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\@types\eslint\LICENSE
| MD5 | d4a904ca135bb7bc912156fee12726f0 |
| SHA1 | 689ec0681815ecc32bee639c68e7740add7bd301 |
| SHA256 | c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383 |
| SHA512 | 1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\chownr\LICENSE
| MD5 | 82703a69f6d7411dde679954c2fd9dca |
| SHA1 | bb408e929caeb1731945b2ba54bc337edb87cc66 |
| SHA256 | 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b |
| SHA512 | 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\domutils\LICENSE
| MD5 | d5b9cb3bc7f6ffd7bea8661f30447c11 |
| SHA1 | a4b5765e26b195e972e961e2c241a54eff51dafb |
| SHA256 | cb992345949ccd6e8394b2cd6c465f7b897c864f845937dbf64e8997f389e164 |
| SHA512 | ea3679d79a1a7161ff68dd4265d7e89b9ee2bfff4f32d8da4802692d6fdc5c1706ff9edd5dce36ad4e88f7aa5f76061cf4cc8794a010efbf39b5bcb1ef08a550 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\map-stream\.npmignore
| MD5 | 3aa88e1b4178e1364504595cf52245d4 |
| SHA1 | ce6ec6945a433dabf9df0dab82f65f8bbca4feba |
| SHA256 | a1cd9589c07a23e3a67e8c6017e10a46d26085a85c7b55dee70192c788b1d1f8 |
| SHA512 | fe5a4c0a22148adead4acc911203a9299515cc0c65a5ec1969e7ede69cbe7152a7ff6a52efac98c460a17844fc9ebea6676b2161c5b1febb501463ae5a120f76 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\nopt\.npmignore
| MD5 | 3d10912d07e7bc8cd7d2faea51adb2d8 |
| SHA1 | 8b894ec0b3bbc33011392ad9bafeb1df2634db45 |
| SHA256 | 16d30e4462189fb14dd611bdb708c510630c576a1f35b9383e89a4352da36c97 |
| SHA512 | 8d609d64d4e3f7b92e6cb047b2c416902f59f67b716cfc1b030ff4a745f78e2cb65caab8fa38d39cf28e3997fe35ccc24c2e6b1c02de7a39e821467bdee70561 |
C:\Program Files\Distributive\DCP\dcp-supervisor\node_modules\webpack\LICENSE
| MD5 | 95a881ed5cb29fc8a0fa0356525f30ac |
| SHA1 | 3bebb9ba92e45dd02a0512e144f6a46b14a9b8ab |
| SHA256 | 9068a8782d2fb4c6e432cfa25334efa56f722822180570802bf86e71b6003b1e |
| SHA512 | e2bad52e4e244a06f50bd64fcefa7c942febfac5a814c71095106fd3be64634b8381895d4cce884fbe3b2c20043ce210e6322b135b1b9fb2965bd4ae7a57ba8c |
C:\Windows\Installer\{5E73C3C5-02C5-4CF3-8916-F16E61D262A7}\DCP_ICON.exe
| MD5 | 277e355779ec68ad1ac62b27ad3a6294 |
| SHA1 | 88b4a2b54c9b96dbb99d5d011a88bb8cdbf8cf95 |
| SHA256 | 0e35a0aea113abe09c19a7a07b20266f2cfab0def910ec1ba86394e7ed8559b7 |
| SHA512 | 78a769e1012c47c167e6eed73a34b765ff97c931d621e1c7582fcde7ded904ef37e38cee81cc5c641db4a29f819033d6f8a0d389ec52ee52f8f188919cc8d140 |