General Info

File name

MyDesk.exe

Full analysis
https://app.any.run/tasks/61633796-5f58-45de-ab7f-e24d91c9ce90
Verdict
Malicious activity
Analysis date
6/12/2019, 11:41:12
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

049a374fd680a0c28536725f3b0adc0b

SHA1

11c721e3a8bd544b2d3a25a4a4ee598d6583b0ed

SHA256

486a04bdc4adf842a5efadf2031fc6072a31ef599c881fc0ea93eb0e8e0b4fcf

SSDEEP

12288:Jx/B1j/XUJJWeuEacT3xON1++LfMQqRScjPozfvLLY1TW/0oVyNk3tTBcH2/Ljko:LJxvU2eRacjxEE+9qRScjgzKa8g2kdT1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • SentryBayUpdate.exe (PID: 3572)
  • SentryBayUpdate.exe (PID: 3184)
  • SentryBayCrashHandler.exe (PID: 3036)
  • SentryBayUpdate.exe (PID: 3712)
  • SentryBayUpdate.exe (PID: 2732)
  • SentryBayUpdate.exe (PID: 3664)
  • SentryBayUpdate.exe (PID: 756)
  • SentryBayUpdate.exe (PID: 2460)
  • SentryBayUpdate.exe (PID: 3736)
  • SentryBayUpdate.exe (PID: 2176)
Loads dropped or rewritten executable
  • SentryBayUpdate.exe (PID: 3572)
  • svchost.exe (PID: 692)
  • SentryBayCrashHandler.exe (PID: 3036)
  • SentryBayUpdate.exe (PID: 3184)
  • SentryBayUpdate.exe (PID: 2732)
  • SentryBayUpdate.exe (PID: 3712)
  • SentryBayUpdate.exe (PID: 756)
  • SentryBayUpdate.exe (PID: 3664)
  • SentryBayUpdate.exe (PID: 2460)
  • SentryBayUpdate.exe (PID: 3736)
  • SentryBayUpdate.exe (PID: 2176)
Loads the Task Scheduler DLL interface
  • SentryBayUpdate.exe (PID: 3712)
  • SentryBayUpdate.exe (PID: 2460)
Changes settings of System certificates
  • SentryBayUpdate.exe (PID: 2176)
Removes files from Windows directory
  • SentryBayUpdate.exe (PID: 2460)
  • SentryBayUpdate.exe (PID: 2732)
Executable content was dropped or overwritten
  • SentryBayUpdate.exe (PID: 2460)
  • msiexec.exe (PID: 2240)
  • SentryBayUpdate.exe (PID: 2176)
  • MyDesk.exe (PID: 3100)
Creates files in the Windows directory
  • SentryBayUpdate.exe (PID: 2732)
  • SentryBayUpdate.exe (PID: 2460)
Starts Internet Explorer
  • SentryBayUpdate.exe (PID: 3184)
Executed via COM
  • SentryBayUpdate.exe (PID: 3184)
Application launched itself
  • SentryBayUpdate.exe (PID: 3664)
  • SentryBayUpdate.exe (PID: 2460)
  • SentryBayUpdate.exe (PID: 3736)
Executed as Windows Service
  • SentryBayUpdate.exe (PID: 3664)
Creates COM task schedule object
  • SentryBayUpdate.exe (PID: 2460)
  • SentryBayUpdate.exe (PID: 756)
Starts itself from another location
  • SentryBayUpdate.exe (PID: 2176)
Adds / modifies Windows certificates
  • SentryBayUpdate.exe (PID: 2176)
Creates files in the program directory
  • SentryBayUpdate.exe (PID: 2176)
Reads internet explorer settings
  • iexplore.exe (PID: 3832)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3832)
Changes internet zones settings
  • iexplore.exe (PID: 2612)
Creates files in the user directory
  • iexplore.exe (PID: 3832)
Application launched itself
  • iexplore.exe (PID: 2612)
Creates a software uninstall entry
  • msiexec.exe (PID: 2240)

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:11:05 21:38:33+01:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
13824
InitializedDataSize:
570368
UninitializedDataSize:
null
EntryPoint:
0x1000
OSVersion:
5
ImageVersion:
null
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.13544
ProductVersionNumber:
1.0.0.13544
FileFlagsMask:
0x0017
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Unknown
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
SentryBay
FileDescription:
Setup
FileVersion:
1.0.0.13544
InternalName:
Setup
LegalCopyright:
Copyright 2007-2010 SentryBay
OriginalFileName:
Setup
ProductName:
Setup
ProductVersion:
1.0.0.13544
LanguageId:
en
Privatebuild:
null
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
05-Nov-2017 20:38:33
Detected languages
Arabic - Saudi Arabia
Bulgarian - Bulgaria
Catalan - Spain
Chinese - PRC
Chinese - Taiwan
Croatian - Croatia
Czech - Czech Republic
Danish - Denmark
Dutch - Netherlands
English - United Kingdom
English - United States
Estonian - Estonia
Farsi - Iran
Finnish - Finland
French - France
German - Germany
Greek - Greece
Gujarati - India
Hebrew - Israel
Hindi - India
Hungarian - Hungary
Icelandic - Iceland
Indonesian - Indonesia (Bahasa)
Italian - Italy
Japanese - Japan
Kannada - India (Kannada script)
Korean - Korea
Latvian - Latvia
Lithuanian - Lithuania
Malay - Malaysia
Marathi - India
Norwegian - Norway (Bokmal)
Polish - Poland
Portuguese - Brazil
Portuguese - Portugal
Romanian - Romania
Russian - Russia
Serbian - Serbia (Cyrillic)
Slovak - Slovakia
Slovenian - Slovenia
Spanish - Mexico
Spanish - Spain (International sort)
Swedish - Sweden
Tamil - India
Telugu - India (Telugu script)
Thai - Thailand
Turkish - Turkey
Ukrainian - Ukraine
Urdu - Pakistan
Vietnamese - Viet Nam
Debug artifacts
mi_exe_stub.pdb
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
4
Time date stamp:
05-Nov-2017 20:38:33
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00003415 0x00003600 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.45997
.rdata 0x00005000 0x000006FA 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.70125
.data 0x00006000 0x000001B4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0.436362
.rsrc 0x00007000 0x0008A880 0x0008AA00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.94496
Resources
1

2

3

4

5

6

7

8

101

102

1365

Imports
    KERNEL32.dll

    SHLWAPI.dll

    ole32.dll

    USER32.dll

Exports

    No exports.

Processes

Total processes
50
Monitored processes
15
Malicious processes
8
Suspicious processes
0

Behavior graph

[Behavior graph: process tree rooted at mydesk.exe, with nodes for sentrybayupdate.exe (multiple instances), msiexec.exe, sentrybaycrashhandler.exe, svchost.exe and iexplore.exe; edges labelled "start" and "drop and start"]

Process information

PID
692
CMD
C:\Windows\system32\svchost.exe -k RPCSS
Path
C:\Windows\System32\svchost.exe
Indicators
No indicators
Parent process
––
User
NETWORK SERVICE
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll

PID
3100
CMD
"C:\Users\admin\AppData\Local\Temp\MyDesk.exe"
Path
C:\Users\admin\AppData\Local\Temp\MyDesk.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SentryBay
Description
Setup
Version
1.0.0.13544
Modules
Image
c:\users\admin\appdata\local\temp\mydesk.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\gume4b1.tmp\sentrybayupdate.exe

PID
3736
CMD
C:\Users\admin\AppData\Local\Temp\GUME4B1.tmp\SentryBayUpdate.exe /install "appguid={12F2FF45-4DA6-11DF-BFFB-3516A1BE09AA}&ap=live_phase3&brand=ac_creditsuisse&appname=MyDesk&needsadmin=True&installerdata=%3C%3Fxml%20version%3D%221.0%22%3F%3E%0A%3CPrePackagedLicense%20xmlns%3D%22http%3A%2F%2Fwww.sentrybay.com%2Flicense%2Fv2%22%3E%3CLicense%20Id%3D%22_92655394de191037819c4040b70e735a%22%3E%3CIssueDate%3E2019-06-12%3C%2FIssueDate%3E%3CDaysUntilExpiry%3E32767%3C%2FDaysUntilExpiry%3E%3CProduct%3ESAS%3C%2FProduct%3E%3CType%3EFull%3C%2FType%3E%3CLicensor%3Eac_creditsuisse%3C%2FLicensor%3E%3CSeats%3E1%3C%2FSeats%3E%3CReference%3Elive_phase3%3C%2FReference%3E%3C%2FLicense%3E%3Cds%3ASignature%20xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%20%20%3Cds%3ASignedInfo%3E%3Cds%3ACanonicalizationMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%20%20%20%20%3Cds%3ASignatureMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%20%20%3Cds%3AReference%3E%3Cds%3ATransforms%3E%3Cds%3ATransform%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%3Cds%3ATransform%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%3C%2Fds%3ATransforms%3E%3Cds%3ADigestMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%3Cds%3ADigestValue%3EZVdeHy3ndrUBStNIr9b1C6eSaP4%3D%3C%2Fds%3ADigestValue%3E%3C%2Fds%3AReference%3E%3C%2Fds%3ASignedInfo%3E%3Cds%3ASignatureValue%3EKn8BkIGJ6UqZesSmKHpAVwpUXfjVwmchS8Q69w9fmQwlCtKQndVeDuNaqiTndqjzR9wpq%2Bmr4u%2BJ1yqe%2FpsdxJ7sbhKnicgMS%2Fr4blVYhOxoanDMQ%2FbO8Tux5S6wc314b9pX0GGbdgVZxQvqZVEPUvNFRiteQP9sBTkO%2FdkKapA%3D%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3C%2FPrePackagedLicense%3E%0A%0D%0A"
Path
C:\Users\admin\AppData\Local\Temp\GUME4B1.tmp\SentryBayUpdate.exe
Indicators
No indicators
Parent process
MyDesk.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\users\admin\appdata\local\temp\gume4b1.tmp\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\temp\gume4b1.tmp\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\gume4b1.tmp\goopdateres_en.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll

PID
2176
CMD
"C:\Users\admin\AppData\Local\Temp\GUME4B1.tmp\SentryBayUpdate.exe" /install "appguid={12F2FF45-4DA6-11DF-BFFB-3516A1BE09AA}&ap=live_phase3&brand=ac_creditsuisse&appname=MyDesk&needsadmin=True&installerdata=%3C%3Fxml%20version%3D%221.0%22%3F%3E%0A%3CPrePackagedLicense%20xmlns%3D%22http%3A%2F%2Fwww.sentrybay.com%2Flicense%2Fv2%22%3E%3CLicense%20Id%3D%22_92655394de191037819c4040b70e735a%22%3E%3CIssueDate%3E2019-06-12%3C%2FIssueDate%3E%3CDaysUntilExpiry%3E32767%3C%2FDaysUntilExpiry%3E%3CProduct%3ESAS%3C%2FProduct%3E%3CType%3EFull%3C%2FType%3E%3CLicensor%3Eac_creditsuisse%3C%2FLicensor%3E%3CSeats%3E1%3C%2FSeats%3E%3CReference%3Elive_phase3%3C%2FReference%3E%3C%2FLicense%3E%3Cds%3ASignature%20xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%20%20%3Cds%3ASignedInfo%3E%3Cds%3ACanonicalizationMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%20%20%20%20%3Cds%3ASignatureMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%20%20%3Cds%3AReference%3E%3Cds%3ATransforms%3E%3Cds%3ATransform%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%3Cds%3ATransform%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%3C%2Fds%3ATransforms%3E%3Cds%3ADigestMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%3Cds%3ADigestValue%3EZVdeHy3ndrUBStNIr9b1C6eSaP4%3D%3C%2Fds%3ADigestValue%3E%3C%2Fds%3AReference%3E%3C%2Fds%3ASignedInfo%3E%3Cds%3ASignatureValue%3EKn8BkIGJ6UqZesSmKHpAVwpUXfjVwmchS8Q69w9fmQwlCtKQndVeDuNaqiTndqjzR9wpq%2Bmr4u%2BJ1yqe%2FpsdxJ7sbhKnicgMS%2Fr4blVYhOxoanDMQ%2FbO8Tux5S6wc314b9pX0GGbdgVZxQvqZVEPUvNFRiteQP9sBTkO%2FdkKapA%3D%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3C%2FPrePackagedLicense%3E%0A%0D%0A" /installelevated
Path
C:\Users\admin\AppData\Local\Temp\GUME4B1.tmp\SentryBayUpdate.exe
Indicators
Parent process
SentryBayUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\users\admin\appdata\local\temp\gume4b1.tmp\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\gume4b1.tmp\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\users\admin\appdata\local\temp\gume4b1.tmp\goopdateres_en.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msisip.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\sentrybay\update\sentrybayupdate.exe

PID
2460
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" /ig "appguid={12F2FF45-4DA6-11DF-BFFB-3516A1BE09AA}&ap=live_phase3&brand=ac_creditsuisse&appname=MyDesk&needsadmin=True&installerdata=%3C%3Fxml%20version%3D%221.0%22%3F%3E%0A%3CPrePackagedLicense%20xmlns%3D%22http%3A%2F%2Fwww.sentrybay.com%2Flicense%2Fv2%22%3E%3CLicense%20Id%3D%22_92655394de191037819c4040b70e735a%22%3E%3CIssueDate%3E2019-06-12%3C%2FIssueDate%3E%3CDaysUntilExpiry%3E32767%3C%2FDaysUntilExpiry%3E%3CProduct%3ESAS%3C%2FProduct%3E%3CType%3EFull%3C%2FType%3E%3CLicensor%3Eac_creditsuisse%3C%2FLicensor%3E%3CSeats%3E1%3C%2FSeats%3E%3CReference%3Elive_phase3%3C%2FReference%3E%3C%2FLicense%3E%3Cds%3ASignature%20xmlns%3Ads%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%0A%20%20%3Cds%3ASignedInfo%3E%3Cds%3ACanonicalizationMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%0A%20%20%20%20%3Cds%3ASignatureMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%2F%3E%0A%20%20%3Cds%3AReference%3E%3Cds%3ATransforms%3E%3Cds%3ATransform%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%2F%3E%3Cds%3ATransform%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%2F%3E%3C%2Fds%3ATransforms%3E%3Cds%3ADigestMethod%20Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%2F%3E%3Cds%3ADigestValue%3EZVdeHy3ndrUBStNIr9b1C6eSaP4%3D%3C%2Fds%3ADigestValue%3E%3C%2Fds%3AReference%3E%3C%2Fds%3ASignedInfo%3E%3Cds%3ASignatureValue%3EKn8BkIGJ6UqZesSmKHpAVwpUXfjVwmchS8Q69w9fmQwlCtKQndVeDuNaqiTndqjzR9wpq%2Bmr4u%2BJ1yqe%2FpsdxJ7sbhKnicgMS%2Fr4blVYhOxoanDMQ%2FbO8Tux5S6wc314b9pX0GGbdgVZxQvqZVEPUvNFRiteQP9sBTkO%2FdkKapA%3D%3C%2Fds%3ASignatureValue%3E%0A%3C%2Fds%3ASignature%3E%3C%2FPrePackagedLicense%3E%0A%0D%0A"
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
Parent process
SentryBayUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
2147754388
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdateres_en.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\mstask.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\program files\sentrybay\update\1.0.0.13544\npsentrybayoneclick8.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll

PID
2240
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\devrtl.dll

PID
756
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" /RegServer
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
No indicators
Parent process
SentryBayUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\oleaut32.dll

PID
3664
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" /svc
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll

PID
3712
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" /c
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
No indicators
Parent process
SentryBayUpdate.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\program files\sentrybay\update\1.0.0.13544\sentrybaycrashhandler.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mstask.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

PID
2732
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" /cr
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
Parent process
SentryBayUpdate.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
3036
CMD
"C:\Program Files\SentryBay\Update\1.0.0.13544\SentryBayCrashHandler.exe" /crashhandler
Path
C:\Program Files\SentryBay\Update\1.0.0.13544\SentryBayCrashHandler.exe
Indicators
No indicators
Parent process
SentryBayUpdate.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\1.0.0.13544\sentrybaycrashhandler.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll

PID
3184
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" -Embedding
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdateres_en.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\apphelp.dll

PID
2612
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/support/installer/?hl=&errorcode=0x80042194&extracode1=0x00000000&extracode2=0&app=%7B12F2FF45-4DA6-11DF-BFFB-3516A1BE09AA%7D&guver=1.0.0.13544&ismachine=1&os=6.1&sp=Service%20Pack%201&iid=&brand=ac_creditsuisse&source=updatecheck&testsource=auto
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
SentryBayUpdate.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll

PID
3832
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2612 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\feclient.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
3572
CMD
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe" /UnregServer
Path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
Indicators
No indicators
Parent process
SentryBayUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SentryBay
Description
SentryBay Installer
Version
1.0.0.13544
Modules
Image
c:\program files\sentrybay\update\sentrybayupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\program files\sentrybay\update\1.0.0.13544\goopdate.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll

Registry activity

Total events
1472
Read events
1119
Write events
248
Delete events
105

Modification events

PID
Process
Operation
Key
Name
Value
692
svchost.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
692
svchost.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62
692
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\63\52C64B7E
LanguageList
en-US
692
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\63\52C64B7E
@C:\Program Files\SentryBay\Update\1.0.0.13544\goopdate.dll,-3000
SentryBay Update
2176
SentryBayUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2176
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2176
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2176
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\UsageStats\Daily
LastTransmission
1560332491
2176
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
pv
1.0.0.13544
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8\MimeTypes\application/x-vnd.google.oneclickctrl.8
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8\MimeTypes
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\iexplore\AllowedDomains\*
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\iexplore\AllowedDomains
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\iexplore
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBay.OneClickCtrl.8\CLSID
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBay.OneClickCtrl.8
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\ProgID
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\InprocServer32
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.8
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\CLSID
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CLSID
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CurVer
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}\ProgID
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}\VersionIndependentProgID
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SentryBayUpdate.exe
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\Clients
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\ClientState
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\ClientStateMedium
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\network\secure-S-1-5-18
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\network\secure-S-1-5-21-1302019708-1500728564-335382590-1000
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\network
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\UsageStats\Daily
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\UsageStats
2460
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update
2460
SentryBayUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update
path
C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
brand
ac_creditsuisse
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
InstallTime
1560332498
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
pv
1.0.0.13544
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
Keeps your SentryBay software up to date. If this service is disabled or stopped, your SentryBay software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no SentryBay software using it.
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SentryBayUpdate.exe
AppID
{53A0F410-CBD6-443A-9E90-5A590AA233C2}
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
LocalService
sbupdate
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
ServiceParameters
/comsvc
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1
Google Update Core Class
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\CLSID
{53A0F410-CBD6-443A-9E90-5A590AA233C2}
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass
Google Update Core Class
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CLSID
{53A0F410-CBD6-443A-9E90-5A590AA233C2}
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CurVer
GoogleUpdate.CoreClass.1
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
Google Update Core Class
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}\ProgID
GoogleUpdate.CoreClass.1
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}\VersionIndependentProgID
GoogleUpdate.CoreClass
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53A0F410-CBD6-443A-9E90-5A590AA233C2}
AppID
{53A0F410-CBD6-443A-9E90-5A590AA233C2}
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8
Path
C:\Program Files\SentryBay\Update\1.0.0.13544\npSentryBayOneClick8.dll
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8
Description
SentryBay Update
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8
ProductName
SentryBay Update
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8
Vendor
SentryBay
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@update.sentrybay.com/SentryBay Update;version=8
Version
8
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
AppName
SentryBayUpdate.exe
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
AppPath
C:\Program Files\SentryBay\Update
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
Policy
3
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBay.OneClickCtrl.8
SentryBay Update Plugin
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBay.OneClickCtrl.8\CLSID
{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
SentryBay Update Plugin
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\ProgID
SentryBay.OneClickCtrl.8
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\InprocServer32
C:\Program Files\SentryBay\Update\1.0.0.13544\npSentryBayOneClick8.dll
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}\InprocServer32
ThreadingModel
Apartment
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.8
CLSID
{B73293AB-28F7-4D77-A6C3-7BE757E8F4C1}
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update
version
1.0.0.13544
2460
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\SentryBayUpdate.exe1580a3
2240
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
2240
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
2240
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\Usage
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList\Media
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList\Net
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\0BDC83ABC16B0944A9C92942C150AF33
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\Features
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\Patches
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33
2240
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\63
2240
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
2240
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2240
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
C0080000ACC25B080321D501
2240
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
91308B61322D994EB32D2C3A99E7354E78547DABF7A3E1AB1059DF7BCE106054
2240
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\15081a.ipi
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\15081b.rbs
30744843
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\15081b.rbsLow
1787675472
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA
0BDC83ABC16B0944A9C92942C150AF33
02:\SOFTWARE\SentryBay\Update\MsiStubRun
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SentryBay\Update
MsiStubRun
0
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
LocalPackage
C:\Windows\Installer\15081c.msi
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
AuthorizedCDFPrefix
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Comments
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Contact
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
DisplayVersion
1.0.0.13544
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
HelpLink
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
HelpTelephone
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
InstallDate
20190612
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
InstallLocation
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
InstallSource
C:\Program Files\SentryBay\Update\1.0.0.13544\
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
ModifyPath
MsiExec.exe /I{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Publisher
SentryBay
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Readme
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Size
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
EstimatedSize
45
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
SystemComponent
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
UninstallString
MsiExec.exe /I{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
URLInfoAbout
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
URLUpdateInfo
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
VersionMajor
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
VersionMinor
0
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
WindowsInstaller
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Version
16777216
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
Language
1033
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
AuthorizedCDFPrefix
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Comments
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Contact
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
DisplayVersion
1.0.0.13544
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
HelpLink
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
HelpTelephone
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
InstallDate
20190612
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
InstallLocation
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
InstallSource
C:\Program Files\SentryBay\Update\1.0.0.13544\
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
ModifyPath
MsiExec.exe /I{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Publisher
SentryBay
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Readme
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Size
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
EstimatedSize
45
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
SystemComponent
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
UninstallString
MsiExec.exe /I{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
URLInfoAbout
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
URLUpdateInfo
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
VersionMajor
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
VersionMinor
0
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
WindowsInstaller
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Version
16777216
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
Language
1033
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F
0BDC83ABC16B0944A9C92942C150AF33
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\InstallProperties
DisplayName
SentryBay Update Helper
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA38CDB0-B61C-4490-9A9C-92241C05FA33}
DisplayName
SentryBay Update Helper
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\0BDC83ABC16B0944A9C92942C150AF33
Complete
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\Features
Complete
0a5PL!)GT?sf9ax}}Y{_
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDC83ABC16B0944A9C92942C150AF33\Patches
AllPatches
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
ProductName
SentryBay Update Helper
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
PackageCode
B19F72E94AFA97940ABA188B31690AA2
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
Language
1033
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
Version
16777216
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
Assignment
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
AdvertiseFlags
388
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
InstanceType
0
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
AuthorizedLUAApp
1
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
DeploymentFlags
3
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DBFF5159BA0409649B38F48A1EE47E5F
0BDC83ABC16B0944A9C92942C150AF33
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList
PackageName
SentryBayUpdateHelper.msi
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList\Net
1
C:\Program Files\SentryBay\Update\1.0.0.13544\
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList\Media
1
;
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33
Clients
:
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0BDC83ABC16B0944A9C92942C150AF33\SourceList
LastUsedSource
n;1;C:\Program Files\SentryBay\Update\1.0.0.13544\
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
99
2240
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
50790BBC589E16A587B5B128D6C56938C7B52FED19DB57D41EF9293007477E9B
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\15081e.ipi
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\15081f.rbs
30744843
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\15081f.rbsLow
2087985472
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
C:\Windows\Installer\15081c.msi
0
2240
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
100
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32
C:\Program Files\SentryBay\Update\1.0.0.13544\goopdate.dll
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32
ThreadingModel
Both
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}
PSFactoryBuffer
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D71F4F-5419-45C2-9D1A-D7136EB92DDF}\ProxyStubClsid32
{29A96789-9595-4947-BEDB-0FCC776F7DB8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D71F4F-5419-45C2-9D1A-D7136EB92DDF}
IGoogleUpdate
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D71F4F-5419-45C2-9D1A-D7136EB92DDF}\NumMethods
5
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4473A1-648C-458F-B4D4-5EAF94B05114}\ProxyStubClsid32
{29A96789-9595-4947-BEDB-0FCC776F7DB8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4473A1-648C-458F-B4D4-5EAF94B05114}
IProgressWndEvents
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4473A1-648C-458F-B4D4-5EAF94B05114}\NumMethods
9
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32
{29A96789-9595-4947-BEDB-0FCC776F7DB8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}
IProcessLauncher
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods
6
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B96C6B3-21A7-406E-9A7C-95649E9957A8}\ProxyStubClsid32
{29A96789-9595-4947-BEDB-0FCC776F7DB8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B96C6B3-21A7-406E-9A7C-95649E9957A8}
IGoogleUpdateCore
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B96C6B3-21A7-406E-9A7C-95649E9957A8}\NumMethods
4
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8840BBC7-0116-49C4-81BD-28C1AB2BAC29}\ProxyStubClsid32
{29A96789-9595-4947-BEDB-0FCC776F7DB8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8840BBC7-0116-49C4-81BD-28C1AB2BAC29}
IJobObserver
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8840BBC7-0116-49C4-81BD-28C1AB2BAC29}\NumMethods
13
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32
{29A96789-9595-4947-BEDB-0FCC776F7DB8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}
IBrowserHttpRequest2
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods
4
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher.1.0
SentryBay Update Process Launcher Class
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher.1.0\CLSID
{D62DD144-A79C-461C-B6AE-110A08E04798}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher
SentryBay Update Process Launcher Class
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher\CLSID
{D62DD144-A79C-461C-B6AE-110A08E04798}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher\CurVer
SentryBayUpdateProcessLauncher.1.0
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}
SentryBay Update Process Launcher Class
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\ProgID
SentryBayUpdateProcessLauncher.1.0
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\VersionIndependentProgID
SentryBayUpdateProcessLauncher
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\LocalServer32
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe"
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\TypeLib
{450821B9-952C-4027-B25E-9759208BD14A}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine.1.0
SentryBayUpdate.OnDemandCOMClass
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine.1.0\CLSID
{026813CC-986D-4DFF-855A-8F8F1262B1F8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine
SentryBayUpdate.OnDemandCOMClass
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine\CLSID
{026813CC-986D-4DFF-855A-8F8F1262B1F8}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine\CurVer
SentryBayUpdate.OnDemandCOMClassMachine.1.0
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}
SentryBayUpdate.OnDemandCOMClass
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\ProgID
SentryBayUpdate.OnDemandCOMClassMachine.1.0
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\VersionIndependentProgID
SentryBayUpdate.OnDemandCOMClassMachine
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\LocalServer32
"C:\Program Files\SentryBay\Update\SentryBayUpdate.exe"
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\TypeLib
{450821B9-952C-4027-B25E-9759208BD14A}
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}
LocalizedString
@C:\Program Files\SentryBay\Update\1.0.0.13544\goopdate.dll,-3000
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\Elevation
Enabled
1
756
SentryBayUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\Elevation
IconReference
@C:\Program Files\SentryBay\Update\1.0.0.13544\goopdate.dll,-1004
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{4882800D-8CF6-11E9-B3B3-5254004A04AF}
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060003000C00090029002B007200
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060003000C00090029002B007200
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060003000C00090029002B006602
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
21
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060003000C00090029002B008602
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
84
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060003000C00090029002B00D402
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
48
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2612
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher.1.0\CLSID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher.1.0
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher\CLSID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher\CurVer
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdateProcessLauncher
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\ProgID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\VersionIndependentProgID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\LocalServer32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}\TypeLib
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62DD144-A79C-461C-B6AE-110A08E04798}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine.1.0\CLSID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine.1.0
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine\CLSID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine\CurVer
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SentryBayUpdate.OnDemandCOMClassMachine
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\ProgID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\VersionIndependentProgID
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\LocalServer32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\TypeLib
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}\Elevation
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{026813CC-986D-4DFF-855A-8F8F1262B1F8}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D71F4F-5419-45C2-9D1A-D7136EB92DDF}\NumMethods
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D71F4F-5419-45C2-9D1A-D7136EB92DDF}\ProxyStubClsid32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D71F4F-5419-45C2-9D1A-D7136EB92DDF}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4473A1-648C-458F-B4D4-5EAF94B05114}\NumMethods
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4473A1-648C-458F-B4D4-5EAF94B05114}\ProxyStubClsid32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C4473A1-648C-458F-B4D4-5EAF94B05114}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B96C6B3-21A7-406E-9A7C-95649E9957A8}\NumMethods
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B96C6B3-21A7-406E-9A7C-95649E9957A8}\ProxyStubClsid32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B96C6B3-21A7-406E-9A7C-95649E9957A8}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8840BBC7-0116-49C4-81BD-28C1AB2BAC29}\NumMethods
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8840BBC7-0116-49C4-81BD-28C1AB2BAC29}\ProxyStubClsid32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8840BBC7-0116-49C4-81BD-28C1AB2BAC29}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InProcServer32
3572
SentryBayUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}

Files activity

Executable files
126
Suspicious files
3
Text files
15
Unknown types
4

Dropped files


Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests: 7
TCP/UDP connections: 13
DNS requests: 4
Threats: 0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2460 SentryBayUpdate.exe POST –– 172.217.16.147:80 http://update.sentrybay.com/update US xml –– –– malicious
2460 SentryBayUpdate.exe POST 404 172.217.16.147:80 http://update.sentrybay.com/update US xml xml malicious
2732 SentryBayUpdate.exe GET 404 216.58.205.238:80 http://cr-tools.clients.google.com/service/check2?appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.0.0.13544&applang=&machine=1&version=1.3.33.23&osversion=6.1&servicepack=Service%20Pack%201 US xml whitelisted
2460 SentryBayUpdate.exe POST 404 172.217.16.147:80 http://update.sentrybay.com/update?w=3:An5AfAuRC08ZLQqmwekSPHgblNibdaUOLk6l4YjADxNgREKw_2uyJrUtY9iQcGNszFYlp74THfsYctQhC9O4NNuiHPivcNiDu0hGewu9MX2e7-8VFr9RR8eCdWchM00WC0WeoVyNpp1CLUIXowYDnqcont2rDMCz0HL7gyE0g7A US xml xml malicious
2460 SentryBayUpdate.exe POST 404 172.217.16.147:80 http://update.sentrybay.com/update US xml xml malicious
3832 iexplore.exe GET 404 216.58.207.36:80 http://www.google.com/support/installer/?hl=&errorcode=0x80042194&extracode1=0x00000000&extracode2=0&app=%7B12F2FF45-4DA6-11DF-BFFB-3516A1BE09AA%7D&guver=1.0.0.13544&ismachine=1&os=6.1&sp=Service%20Pack%201&iid=&brand=ac_creditsuisse&source=updatecheck&testsource=auto US xml whitelisted
2612 iexplore.exe GET 404 204.79.197.200:80 http://www.bing.com/favicon.ico US xml whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2460 SentryBayUpdate.exe 172.217.16.147:80 Google Inc. US malicious
2460 SentryBayUpdate.exe 172.217.16.147:443 Google Inc. US malicious
2732 SentryBayUpdate.exe 216.58.205.238:80 Google Inc. US whitelisted
3832 iexplore.exe 216.58.207.36:80 Google Inc. US whitelisted
2612 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted

DNS requests

Domain IP Reputation
update.sentrybay.com 172.217.16.147 malicious
cr-tools.clients.google.com 216.58.205.238 whitelisted
www.google.com 216.58.207.36 whitelisted
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.