Windows Analysis Report
PGCTGZXFCD20242008.msi

Overview

General Information

Sample name: PGCTGZXFCD20242008.msi
Analysis ID: 1496120
MD5: d65f0b1d9d478f6785edaece2f04b92a
SHA1: cda3ad0a0c7c1c95497e2654978ed197e21c688f
SHA256: 2a7a97fe1b769f2b74ebd66c447708f5b5beb60bad5a53d05d7f428770ba2f62
Tags: Grandoreiro, msi

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Creates autostart registry keys to launch java
Found suspicious ZIP file
Java source code contains very large array initializations
Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • msiexec.exe (PID: 5056 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PGCTGZXFCD20242008.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6452 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2548 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E807D6F61E9082830029FEB9BC4A49AB MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample; Integrated Neural Analysis Model: Matched 83.4% probability
Source: C:\Windows\System32\msiexec.exe; File opened: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\plugin2\msvcr100.dll
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: PGCTGZXFCD20242008.msi, MSI4D3C.tmp.2.dr
Source: C:\Windows\System32\msiexec.exe; File opened: z:
Source: C:\Windows\System32\msiexec.exe; File opened: x:
Source: C:\Windows\System32\msiexec.exe; File opened: v:
Source: C:\Windows\System32\msiexec.exe; File opened: t:
Source: C:\Windows\System32\msiexec.exe; File opened: r:
Source: C:\Windows\System32\msiexec.exe; File opened: p:
Source: C:\Windows\System32\msiexec.exe; File opened: n:
Source: C:\Windows\System32\msiexec.exe; File opened: l:
Source: C:\Windows\System32\msiexec.exe; File opened: j:
Source: C:\Windows\System32\msiexec.exe; File opened: h:
Source: C:\Windows\System32\msiexec.exe; File opened: f:
Source: C:\Windows\System32\msiexec.exe; File opened: b:
Source: C:\Windows\System32\msiexec.exe; File opened: y:
Source: C:\Windows\System32\msiexec.exe; File opened: w:
Source: C:\Windows\System32\msiexec.exe; File opened: u:
Source: C:\Windows\System32\msiexec.exe; File opened: s:
Source: C:\Windows\System32\msiexec.exe; File opened: q:
Source: C:\Windows\System32\msiexec.exe; File opened: o:
Source: C:\Windows\System32\msiexec.exe; File opened: m:
Source: C:\Windows\System32\msiexec.exe; File opened: k:
Source: C:\Windows\System32\msiexec.exe; File opened: i:
Source: C:\Windows\System32\msiexec.exe; File opened: g:
Source: C:\Windows\System32\msiexec.exe; File opened: e:
Source: C:\Windows\System32\msiexec.exe; File opened: c:
Source: C:\Windows\System32\msiexec.exe; File opened: a:

System Summary

Source: ffjcext.zip.2.dr; Zip Entry: {CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.js
Source: access-bridge.jar.2.dr, com/sun/deploy/resources/Deployment.java; Large array initialization: getContents: array initializer size 1606
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\414346.msi
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSI4C6E.tmp
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSI4CDC.tmp
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSI4D0C.tmp
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSI4D3C.tmp
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSI4D9B.tmp
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\SourceHash{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSI4EE4.tmp
Source: C:\Windows\System32\msiexec.exe; File deleted: C:\Windows\Installer\MSI4C6E.tmp
Source: PGCTGZXFCD20242008.msi; Binary or memory string: OriginalFilenameAICustAct.dllF vs PGCTGZXFCD20242008.msi
Source: classification engine; Classification label: mal56.winMSI@4/147@0/0
Source: C:\Windows\System32\msiexec.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\CML4F6B.tmp
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\TEMP\~DFEAB6C2A27838B31F.TMP
Source: unknown; Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PGCTGZXFCD20242008.msi"
Source: unknown; Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E807D6F61E9082830029FEB9BC4A49AB
Source: PGCTGZXFCD20242008.msi Static file information: File size 67692544 > 1048576
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: sunmscapi.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\ssvagent\obj\ssvagent.pdb source: ssvagent.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: zip.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libunpack\unpack.pdb source: unpack.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb9' source: w2k_lsa_auth.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: rmid.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: deploy.dll.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: PGCTGZXFCD20242008.msi, MSI4D3C.tmp.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb source: w2k_lsa_auth.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: policytool.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: jp2launcher.exe.2.dr
Source: jfxwebkit.dll.2.dr Static PE information: section name: .unwante
Source: prism_sw.dll.2.dr Static PE information: section name: _RDATA
Source: msvcr100.dll.2.dr Static PE information: section name: .text entropy: 6.90903234258047
Source: msvcr120.dll.2.dr Static PE information: section name: .text entropy: 6.95576372950548
Source: msvcr100.dll0.2.dr Static PE information: section name: .text entropy: 6.90903234258047
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\t2k.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2launcher.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4CDC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\sunmscapi.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\nio.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2native.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ssv.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\fxplugins.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4D0C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dcpr.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dt_socket.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4C6E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\klist.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dtplugin\deployJava1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\servertool.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsoundds.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfr.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge-32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4D9B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\sunec.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\j2pkcs11.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaws.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java_crw_demo.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\pack200.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcr120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jdwp.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\splashscreen.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\policytool.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javacpl.cpl
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\mlib_image.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2iexp.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jabswitch.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\wsdetect.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4D3C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\j2pcsc.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\hprof.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfxmedia.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java-rmi.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\plugin2\npjp2.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaw.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\tnameserv.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\resource.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\eula.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\verify.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\zip.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\lcms.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\awt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_font.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jawt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\prism_d3d.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\client\jvm.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\unpack200.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\prism_common.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\bci.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\net.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\glass.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ssvagent.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\decora_sse.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\kinit.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\npt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jpeg.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\orbd.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\gstreamer-lite.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\management.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2ssv.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\kcms.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_iio.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jjs.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfxwebkit.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dt_shmem.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JavaAccessBridge.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\rmiregistry.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\WindowsAccessBridge.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\WindowsAccessBridge-32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\fontmanager.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_font_t2k.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\w2k_lsa_auth.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dtplugin\npdeployJava1.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\keytool.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ktab.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JavaAccessBridge-32.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsound.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jaas_nt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\prism_sw.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jli.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\deploy.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\glib-lite.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsdt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\Data.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\plugin2\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\unpack.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\rmid.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javacpl.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\instrument.dll

Boot Survival

Source: C:\Windows\System32\msiexec.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\42112CAB75FB99A42AA1B59724538D4F EBB4CD8AB2C53734AAE60A985822AF89 C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaw.exe
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\t2k.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2launcher.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4CDC.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\sunmscapi.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\nio.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2native.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ssv.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\fxplugins.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4D0C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dcpr.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dt_socket.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4C6E.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\klist.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dtplugin\deployJava1.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\servertool.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsoundds.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfr.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge-32.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4D9B.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\j2pkcs11.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\sunec.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaws.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java_crw_demo.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\pack200.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcp120.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcr120.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jdwp.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\splashscreen.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\policytool.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javacpl.cpl
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\mlib_image.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2iexp.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jabswitch.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\wsdetect.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4D3C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\j2pcsc.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\hprof.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfxmedia.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java-rmi.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\plugin2\npjp2.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaw.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\resource.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\tnameserv.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\eula.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\verify.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\zip.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\lcms.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\awt.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_font.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\prism_d3d.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jawt.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\client\jvm.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\unpack200.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\prism_common.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\bci.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\net.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\glass.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ssvagent.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\decora_sse.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\kinit.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\npt.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\orbd.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\gstreamer-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\kcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_iio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jjs.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfxwebkit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JavaAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\WindowsAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_font_t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jaas_nt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\prism_sw.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\deploy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\glib-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsdt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\Data.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\plugin2\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\unpack.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\rmid.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
Source: deploy.dll.2.dr | Binary or memory string: [mwndProcID was NULL in mainLoop()wndProc(JIJJ)JNULL != hIcon../../src/common/windows/native/WindowsJavaTrayIcon.cppTrayNotifyWndShell_TrayWndUnable to Start Java Plug-in Control Panel%s\javacpl.exeJava Sys Tray
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 2 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 31 Masquerading; 1 Software Packing; 2 Process Injection; 1 DLL Side-Loading; 1 Obfuscated Files or Information; 1 File Deletion
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 2 Process Discovery; 11 Peripheral Device Discovery; 11 System Information Discovery; System Network Configuration Discovery; Internet Connection Discovery; Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JavaAccessBridge-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JavaAccessBridge.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\WindowsAccessBridge-32.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\WindowsAccessBridge.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\awt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\bci.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\client\jvm.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dcpr.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\decora_sse.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\deploy.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dt_shmem.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dt_socket.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dtplugin\deployJava1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\dtplugin\npdeployJava1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\eula.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\fontmanager.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\fxplugins.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\glass.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\glib-lite.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\gstreamer-lite.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\hprof.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\instrument.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\j2pcsc.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\j2pkcs11.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jaas_nt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jabswitch.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java-rmi.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\java_crw_demo.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javacpl.cpl | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javacpl.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_font.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_font_t2k.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javafx_iio.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaw.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\javaws.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jawt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jdwp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfr.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfxmedia.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jfxwebkit.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jjs.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jli.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2iexp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2launcher.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2native.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jp2ssv.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsdt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsound.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\jsoundds.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\kcms.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\keytool.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\kinit.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\klist.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\ktab.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\lcms.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\management.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\mlib_image.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcp120.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcr100.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\msvcr120.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\net.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\nio.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\npt.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe
http://www.symauth.com/rpa00 | 0% | URL Reputation | safe
http://exslt.org/common | 0% | URL Reputation | safe
http://ocsp.thawte.com0 | 0% | URL Reputation | safe
http://www.symauth.com/cps0( | 0% | URL Reputation | safe
ftp://http://base%.20s%ddefault%d%.20scopying | 0% | Avira URL Cloud | safe
http://www.jclark.com/xt | 0% | Avira URL Cloud | safe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your | 0% | Avira URL Cloud | safe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD | 0% | Avira URL Cloud | safe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal | 0% | Avira URL Cloud | safe
http://exslt.org/commonnode-setdata-typexsltDoSortFunction: | 0% | Avira URL Cloud | safe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd | 0% | Avira URL Cloud | safe
http://icl.com/saxon | 0% | Avira URL Cloud | safe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer | 0% | Avira URL Cloud | safe
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem: | 0% | Avira URL Cloud | safe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This | 0% | Avira URL Cloud | safe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer. | 0% | Avira URL Cloud | safe
http://xmlsoft.org/XSLT/Templates: | 0% | Avira URL Cloud | safe
http://xmlsoft.org/XSLT/namespace | 0% | Avira URL Cloud | safe
http://www.ifpi.org/isrc/ | 0% | Avira URL Cloud | safe
http://tools.ietf.org/html/rfc3986#section-2.1. | 0% | Avira URL Cloud | safe
http://www.khronos.org/registry/typedarray/specs/latest/#7 | 0% | Avira URL Cloud | safe
http://xmlsoft.org/XSLT/ | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your | gstreamer-lite.dll.2.dr | false | Avira URL Cloud: safe | unknown
ftp://http://base%.20s%ddefault%d%.20scopying | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://www.jclark.com/xt | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0 | servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.dr | false | URL Reputation: safe | unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://www.symauth.com/rpa00 | servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.dr | false | URL Reputation: safe | unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal | gstreamer-lite.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://exslt.org/commonnode-setdata-typexsltDoSortFunction: | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer | gstreamer-lite.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://exslt.org/common | jfxwebkit.dll.2.dr | false | URL Reputation: safe | unknown
http://ocsp.thawte.com0 | servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.dr | false | URL Reputation: safe | unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://icl.com/saxon | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem: | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This | gstreamer-lite.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer. | gstreamer-lite.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://xmlsoft.org/XSLT/Templates: | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://xmlsoft.org/XSLT/ | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://xmlsoft.org/XSLT/namespace | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://tools.ietf.org/html/rfc3986#section-2.1. | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://www.symauth.com/cps0( | servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.dr | false | URL Reputation: safe | unknown
http://www.ifpi.org/isrc/ | gstreamer-lite.dll.2.dr | false | Avira URL Cloud: safe | unknown
http://www.khronos.org/registry/typedarray/specs/latest/#7 | jfxwebkit.dll.2.dr | false | Avira URL Cloud: safe | unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1496120
Start date and time:2024-08-20 20:27:16 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 12s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:PGCTGZXFCD20242008.msi
Detection:MAL
Classification:mal56.winMSI@4/147@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: PGCTGZXFCD20242008.msi
No simulations
No context
No context
No context
No context
Match: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge-32.dll
Associated Sample Name / URL | Detection | Threat Name
  • CloudInstaller.zip | malicious | Unknown
  • uChcvn3L6R.exe | malicious | DCRat
  • uChcvn3L6R.exe | malicious | DCRat
  • Advanced_IP_Scanner_2.5.4594.1 (1).exe | malicious | Unknown
  • New Soft Update.exe | malicious | Unknown
  • https://uceg-klom.us21.list-manage.com/track/click?u=9b882a29c7ab3b3f6381abd18&id=56bb8add24&e=4fba4902f9x | malicious | Unknown
  • https://cdn.discordapp.com/attachments/1174332456720154685/1174332513909477499/orderCase_21-50821.zip | malicious | Unknown
  • https://soft-got.host/vgc/NordVPN-10_11.zip | malicious | Unknown
Match: C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\JAWTAccessBridge.dll
Associated Sample Name / URL | Detection | Threat Name
  • CloudInstaller.zip | malicious | Unknown
  • uChcvn3L6R.exe | malicious | DCRat
  • uChcvn3L6R.exe | malicious | DCRat
  • Advanced_IP_Scanner_2.5.4594.1 (1).exe | malicious | Unknown
  • New Soft Update.exe | malicious | Unknown
  • https://uceg-klom.us21.list-manage.com/track/click?u=9b882a29c7ab3b3f6381abd18&id=56bb8add24&e=4fba4902f9x | malicious | Unknown
  • https://cdn.discordapp.com/attachments/1174332456720154685/1174332513909477499/orderCase_21-50821.zip | malicious | Unknown
  • https://soft-got.host/vgc/NordVPN-10_11.zip | malicious | Unknown
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:modified
                                  Size (bytes):22307
                                  Entropy (8bit):5.464026538700687
                                  Encrypted:false
                                  SSDEEP:192:L31VcJlUePmcjp/AT43UvpeO3l/x7hvG5hhFTEJ2khFrAoEDTo+m9I6HbgoGGrkm:LlVWlNecjp/Awpyd3
                                  MD5:69EB680DB83F86A7DFA029B8222C67DD
                                  SHA1:52B596E59422BCF6AC1E3821A2B025EFD4A68861
                                  SHA-256:D02A2F4DBEC60F150CC32606C5F61A85AC00365C31EA87622601422EF7D37AE7
                                  SHA-512:38095D51E4F6863069B83EFEF5DD3E86A238C3FCADB990982450F8412EB25673A08B8483A4C0E7ABD8BBD390AA042E1432BE0778155793062631EE1A8B6DAB8B
                                  Malicious:false
                                  Reputation:low
                                  Preview:...@IXOS.@.....@.s.Y.@.....@.....@.....@.....@.....@......&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}..New Ar 3..PGCTGZXFCD20242008.msi.@.....@.....@.....@........&.{2335A60F-1FC1-4624-8660-7FF24B44E22A}.....@.....@.....@.....@.......@.....@.....@.......@......New Ar 3......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{9DF256DC-2E1B-4AE9-AD36-A853530ADE87}&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}.@......&.{6FDAD8C4-AC91-47D5-B050-1E22F667AF36}&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}.@......&.{FD5E4EA6-884C-4125-99E8-220F38755F5C}&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}.@......&.{ACED1E9F-A8CC-4F0A-BF34-E62BC5D4F8A2}&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}.@......&.{BEC4F991-BDDF-45A4-90CD-708EEEE8F639}&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}.@......&.{97F935A4-8ACA-497F-BCA3-4C4615653BB5}&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}.@......&.{7C4AEC67-A1D4-4874-B382-
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):32768
                                  Entropy (8bit):5.8698351899511
                                  Encrypted:false
                                  SSDEEP:384:WoI1gYZw33FUWUcC6TBhdsDgZH4o5NEvdlcn0ScPmPn0Avsl9EPg/s4Xsn+KvHKj:07Zw33FNUf6Nhd/fQ1l+0vM0iT9
                                  MD5:066CBBE63AD41A62938F9862876877F3
                                  SHA1:247E0E3715CDB1298BCD344534967E31049CA46E
                                  SHA-256:E9E23CAB19030B2A04B0F848C8D12A44A388CDD12AE9EDC036105C34088B47CC
                                  SHA-512:CF0D9F3036E87F0052652DBED9F93CD51EA8BE76C9C566A8ABED89A78FDE5F7C3ECB51F5C5C65483C0930B82EB0085E92097693BA0BBCB7BDACD8BBE0769F738
                                  Malicious:false
                                  Reputation:low
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................b........................@..........................P............@... ..............................0.......@...............................................................................2...............................text....`.......b.................. .0`.data...@............f..............@.0..rdata...............h..............@.0@.bss....0.............................0..idata.......0.......n..............@.0..rsrc........@.......z..............@.0.................................................................................................................................................................................................................................................................................................................................................................................................
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ISO-8859 text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3313
                                  Entropy (8bit):4.557128068430301
                                  Encrypted:false
                                  SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                  MD5:FC605D978E7825595D752DF2EF03F8AF
                                  SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                  SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                  SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:Copyright © 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):14912
                                  Entropy (8bit):6.141852308272967
                                  Encrypted:false
                                  SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                  MD5:D63933F4E279A140CC2A941CCFF38348
                                  SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                  SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                  SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: CloudInstaller.zip, Detection: malicious, Browse
                                  • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                  • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                  • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious, Browse
                                  • Filename: New Soft Update.exe, Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  Reputation:moderate, very likely benign file
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):14912
                                  Entropy (8bit):6.1347115439165085
                                  Encrypted:false
                                  SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                  MD5:B4EB9B43C293074406ADCA93681BF663
                                  SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                  SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                  SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: CloudInstaller.zip, Detection: malicious, Browse
                                  • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                  • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                  • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious, Browse
                                  • Filename: New Soft Update.exe, Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  Reputation:moderate, very likely benign file
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):128064
                                  Entropy (8bit):6.428684952829155
                                  Encrypted:false
                                  SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                  MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                  SHA1:006163A07052F3D227C2E541691691B4567F5550
                                  SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                  SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):127552
                                  Entropy (8bit):6.413283221897154
                                  Encrypted:false
                                  SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                  MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                  SHA1:6F77920776D39550355B146D672C199A3941F908
                                  SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                  SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):97856
                                  Entropy (8bit):6.467907542894502
                                  Encrypted:false
                                  SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                                  MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                                  SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                                  SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                                  SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):95808
                                  Entropy (8bit):6.48897048228647
                                  Encrypted:false
                                  SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                  MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                  SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                  SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                  SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):1182272
                                  Entropy (8bit):6.63089480914076
                                  Encrypted:false
                                  SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                  MD5:159CCF1200C422CED5407FED35F7E37D
                                  SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                  SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                  SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15424
                                  Entropy (8bit):6.380726588633652
                                  Encrypted:false
                                  SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                  MD5:A46289384F76C2A41BA7251459849288
                                  SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                  SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                  SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1447
                                  Entropy (8bit):4.228834598358894
                                  Encrypted:false
                                  SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                  MD5:F4188DEB5103B6D7015B2106938BFA23
                                  SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                  SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                  SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                  Malicious:false
                                  Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):3857984
                                  Entropy (8bit):6.850425436805504
                                  Encrypted:false
                                  SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                  MD5:39C302FE0781E5AF6D007E55F509606A
                                  SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                  SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                  SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):142912
                                  Entropy (8bit):7.350682736920136
                                  Encrypted:false
                                  SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                  MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                  SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                  SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                  SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):64064
                                  Entropy (8bit):6.338192715882019
                                  Encrypted:false
                                  SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                                  MD5:B04ABE76C4147DE1D726962F86473CF2
                                  SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                                  SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                                  SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):453184
                                  Entropy (8bit):6.516599034237354
                                  Encrypted:false
                                  SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                                  MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                                  SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                                  SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                                  SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):25152
                                  Entropy (8bit):6.627329311560644
                                  Encrypted:false
                                  SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                                  MD5:72B7054811A72D9D48C95845F93FCD2C
                                  SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                                  SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                                  SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):21568
                                  Entropy (8bit):6.601333059222365
                                  Encrypted:false
                                  SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                                  MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                                  SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                                  SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                                  SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):827456
                                  Entropy (8bit):6.022966185458799
                                  Encrypted:false
                                  SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                  MD5:E741028613B1FC49EC5A899BE6E3FC34
                                  SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                  SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                  SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):907328
                                  Entropy (8bit):6.160830535423145
                                  Encrypted:false
                                  SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                  MD5:4FD3548990CAF9771B688532DEF5DE48
                                  SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                  SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                  SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):109120
                                  Entropy (8bit):5.986571003903383
                                  Encrypted:false
                                  SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                  MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                  SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                  SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                  SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):223296
                                  Entropy (8bit):6.501845596055873
                                  Encrypted:false
                                  SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                  MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                  SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                  SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                  SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):151104
                                  Entropy (8bit):6.548096027649263
                                  Encrypted:false
                                  SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                  MD5:7A710F90A74981C2F060FA361D094822
                                  SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                  SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                  SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):200768
                                  Entropy (8bit):6.431501859060678
                                  Encrypted:false
                                  SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                  MD5:434CBB561D7F326BBEFFA2271ECC1446
                                  SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                  SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                  SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):400960
                                  Entropy (8bit):6.165546757090391
                                  Encrypted:false
                                  SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                  MD5:767BBA46789597B120D01E48A685811E
                                  SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                  SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                  SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):514112
                                  Entropy (8bit):6.805344203686025
                                  Encrypted:false
                                  SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                  MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                  SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                  SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                  SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):132672
                                  Entropy (8bit):6.708436670828807
                                  Encrypted:false
                                  SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                  MD5:6376B76728E4A873B2BB7233CBCD5659
                                  SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                  SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                  SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):115776
                                  Entropy (8bit):6.787384437276838
                                  Encrypted:false
                                  SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                  MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                  SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                  SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                  SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):16448
                                  Entropy (8bit):6.490137326885244
                                  Encrypted:false
                                  SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                  MD5:1F004C428E01F8BEB07B52EB9659A661
                                  SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                  SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                  SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):51264
                                  Entropy (8bit):6.576803205025954
                                  Encrypted:false
                                  SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                  MD5:3A744B78C57CFADC772C6DE406B6B31E
                                  SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                  SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                  SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19520
                                  Entropy (8bit):6.452867740862137
                                  Encrypted:false
                                  SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                  MD5:503275E515E3F2770A62D11E386EADBF
                                  SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                  SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                  SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):30784
                                  Entropy (8bit):6.413942547146628
                                  Encrypted:false
                                  SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                  MD5:530D5597E565654D378F3C87654CCABA
                                  SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                  SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                  SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.466457942735197
                                  Encrypted:false
                                  SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                  MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                  SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                  SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                  SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):126528
                                  Entropy (8bit):6.8082748642937725
                                  Encrypted:false
                                  SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                  MD5:73BD0B62B158C5A8D0CE92064600620D
                                  SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                  SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                  SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):191040
                                  Entropy (8bit):6.75061028420578
                                  Encrypted:false
                                  SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                  MD5:E3E51A21B00CDDE757E4247257AA7891
                                  SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                  SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                  SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):23616
                                  Entropy (8bit):6.620094371728742
                                  Encrypted:false
                                  SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                  MD5:1C47DD47EBD106C9E2279C7FCB576833
                                  SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                  SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                  SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):160256
                                  Entropy (8bit):6.469497559123052
                                  Encrypted:false
                                  SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                  MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                  SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                  SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                  SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):70208
                                  Entropy (8bit):6.353501201479367
                                  Encrypted:false
                                  SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                  MD5:C2A59C7343D370BC57765896490331E5
                                  SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                  SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                  SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):57408
                                  Entropy (8bit):6.6711491011490285
                                  Encrypted:false
                                  SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                                  MD5:AEADA06201BB8F5416D5F934AAA29C87
                                  SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                                  SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                                  SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):446528
                                  Entropy (8bit):6.603555069382601
                                  Encrypted:false
                                  SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                                  MD5:8AE40822B18B10494527CA3842F821D9
                                  SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                                  SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                                  SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):126016
                                  Entropy (8bit):6.608910794554507
                                  Encrypted:false
                                  SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                                  MD5:01706B7997730EAA9E2C3989A1847CA6
                                  SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                                  SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                                  SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):191552
                                  Entropy (8bit):6.744419946343284
                                  Encrypted:false
                                  SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                                  MD5:48C96771106DBDD5D42BBA3772E4B414
                                  SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                                  SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                                  SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):269888
                                  Entropy (8bit):6.418120581797452
                                  Encrypted:false
                                  SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                                  MD5:F8211DB97BF852C3292C3E9C710C19D9
                                  SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                                  SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                                  SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):13888
                                  Entropy (8bit):6.274978807671468
                                  Encrypted:false
                                  SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                                  MD5:0291BA5765EE11F36C0040B1F6E821FB
                                  SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                                  SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                                  SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):163904
                                  Entropy (8bit):6.783788147675078
                                  Encrypted:false
                                  SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                  MD5:6E08D65F5CBB85E51010F36A84FC181D
                                  SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                  SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                  SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):22592
                                  Entropy (8bit):6.620820751411794
                                  Encrypted:false
                                  SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                  MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                  SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                  SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                  SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):115264
                                  Entropy (8bit):6.588792190592223
                                  Encrypted:false
                                  SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                  MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                  SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                  SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                  SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):33934912
                                  Entropy (8bit):6.35314231534845
                                  Encrypted:false
                                  SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                  MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                  SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                  SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                  SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.475020301731584
                                  Encrypted:false
                                  SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                  MD5:4F11D43AA2215CE771DA528878F01C8E
                                  SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                  SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                  SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):158784
                                  Entropy (8bit):6.816453355323999
                                  Encrypted:false
                                  SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                  MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                  SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                  SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                  SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):207424
                                  Entropy (8bit):6.630800216665857
                                  Encrypted:false
                                  SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                  MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                  SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                  SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                  SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):82496
                                  Entropy (8bit):6.597347722250847
                                  Encrypted:false
                                  SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                  MD5:5F85F7F2DFAC397D642834B61809240F
                                  SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                  SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                  SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):19008
                                  Entropy (8bit):6.372096409611824
                                  Encrypted:false
                                  SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                  MD5:4023E25F92B5F13E792901BF112A8EA2
                                  SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                  SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                  SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):186944
                                  Entropy (8bit):6.612459610032652
                                  Encrypted:false
                                  SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                  MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                  SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                  SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                  SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):145984
                                  Entropy (8bit):6.69725055196282
                                  Encrypted:false
                                  SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                  MD5:4294D39CC9E5F23754D41B9DDE710112
                                  SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                  SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                  SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):16448
                                  Entropy (8bit):6.482296988184946
                                  Encrypted:false
                                  SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                  MD5:4BDF31D370F8A893A22820A3B291CC1D
                                  SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                  SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                  SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):30784
                                  Entropy (8bit):6.609051738644882
                                  Encrypted:false
                                  SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                  MD5:7BD914407C6D236B27865A8C63147B7F
                                  SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                  SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                  SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):27712
                                  Entropy (8bit):6.6264206752006825
                                  Encrypted:false
                                  SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                  MD5:6280201C1918EA3293919BB282D2B563
                                  SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                  SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                  SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):178240
                                  Entropy (8bit):6.793245389378621
                                  Encrypted:false
                                  SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                  MD5:BF299F73480AF97A750492E043D1FADD
                                  SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                  SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                  SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.474237923131844
                                  Encrypted:false
                                  SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                  MD5:9A4CF09834F086568DF469E3F670BF07
                                  SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                  SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                  SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.477340414037824
                                  Encrypted:false
                                  SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                  MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                  SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                  SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                  SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.477747126356611
                                  Encrypted:false
                                  SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                  MD5:CA17B8CBD623477C5D1D334B79890225
                                  SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                  SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                  SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.476844183458217
                                  Encrypted:false
                                  SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                  MD5:B4AD335E868693F009B7644E2ED555C1
                                  SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                  SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                  SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):185920
                                  Entropy (8bit):6.517453559791758
                                  Encrypted:false
                                  SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                  MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                  SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                  SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                  SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):33344
                                  Entropy (8bit):6.5580840927675945
                                  Encrypted:false
                                  SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                  MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                  SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                  SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                  SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):574528
                                  Entropy (8bit):6.508068830472597
                                  Encrypted:false
                                  SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                  MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                  SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                  SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                  SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):455328
                                  Entropy (8bit):6.698367093574994
                                  Encrypted:false
                                  SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                  MD5:FD5CABBE52272BD76007B68186EBAF00
                                  SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                  SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                  SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):773968
                                  Entropy (8bit):6.901569696995594
                                  Encrypted:false
                                  SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                  MD5:BF38660A9125935658CFA3E53FDC7D65
                                  SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                  SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                  SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):970912
                                  Entropy (8bit):6.9649735952029515
                                  Encrypted:false
                                  SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                  MD5:034CCADC1C073E4216E9466B720F9849
                                  SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                  SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                  SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):79936
                                  Entropy (8bit):6.675027571633986
                                  Encrypted:false
                                  SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                                  MD5:691B937A898271EE2CFFAB20518B310B
                                  SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                                  SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                                  SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):51264
                                  Entropy (8bit):6.565433654691718
                                  Encrypted:false
                                  SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                  MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                  SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                  SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                  SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):17472
                                  Entropy (8bit):6.403594687791098
                                  Encrypted:false
                                  SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                  MD5:94CAADA66F6316A9415A025C68388A18
                                  SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                  SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                  SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):16448
                                  Entropy (8bit):6.380289288441742
                                  Encrypted:false
                                  SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                  MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                  SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                  SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                  SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.4779230305378315
                                  Encrypted:false
                                  SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                  MD5:E9AA62B1696145A08D223E7190785E25
                                  SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                  SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                  SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):773968
                                  Entropy (8bit):6.901569696995594
                                  Encrypted:false
                                  SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                  MD5:BF38660A9125935658CFA3E53FDC7D65
                                  SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                  SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                  SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):172096
                                  Entropy (8bit):6.3747906238754855
                                  Encrypted:false
                                  SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                  MD5:FB658E2F5E185FE5762B169A388BA0BD
                                  SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                  SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                  SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.477211573452372
                                  Encrypted:false
                                  SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                  MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                  SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                  SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                  SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):52800
                                  Entropy (8bit):6.433054716020523
                                  Encrypted:false
                                  SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                                  MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                                  SHA1:0D04A67505D006493F252985AC294B534D271EF2
                                  SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                                  SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):116288
                                  Entropy (8bit):5.7845827860105885
                                  Encrypted:false
                                  SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                                  MD5:5AADADF700C7771F208DDA7CE60DE120
                                  SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                                  SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                                  SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):86592
                                  Entropy (8bit):6.686302444148156
                                  Encrypted:false
                                  SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                                  MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                                  SHA1:42748051176B776467A31885BB2889C33B780F2D
                                  SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                                  SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):14912
                                  Entropy (8bit):6.381906222478272
                                  Encrypted:false
                                  SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                                  MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                                  SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                                  SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                                  SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.466364086630595
                                  Encrypted:false
                                  SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                                  MD5:12B6E1C3205A8B17AC20E00A889DFC43
                                  SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                                  SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                                  SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.475930674615241
                                  Encrypted:false
                                  SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                                  MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                                  SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                                  SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                                  SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):15936
                                  Entropy (8bit):6.475447140204412
                                  Encrypted:false
                                  SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                                  MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                                  SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                                  SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                                  SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):177216
                                  Entropy (8bit):6.909590121652277
                                  Encrypted:false
                                  SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                                  MD5:8DC2356E3FF3A595AEDE81594A2D259A
                                  SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                                  SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                                  SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):473152
                                  Entropy (8bit):5.475991416072106
                                  Encrypted:false
                                  SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                  MD5:79CFE207E05F771E29847573593F6DE1
                                  SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                  SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                  SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):52800
                                  Entropy (8bit):6.367562931371078
                                  Encrypted:false
                                  SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                  MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                  SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                  SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                  SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):123968
                                  Entropy (8bit):6.699694377005066
                                  Encrypted:false
                                  SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                  MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                  SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                  SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                  SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):25664
                                  Entropy (8bit):6.488681310308951
                                  Encrypted:false
                                  SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                  MD5:039AD8A7A4B14C321F156878838A2340
                                  SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                  SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                  SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):195136
                                  Entropy (8bit):6.80727029211823
                                  Encrypted:false
                                  SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                  MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                  SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                  SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                  SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):16448
                                  Entropy (8bit):6.392776971200692
                                  Encrypted:false
                                  SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                  MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                  SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                  SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                  SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):65600
                                  Entropy (8bit):6.461111208462538
                                  Encrypted:false
                                  SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                  MD5:806580640A68234A711D3BB0642130A7
                                  SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                  SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                  SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):159296
                                  Entropy (8bit):6.019927381236816
                                  Encrypted:false
                                  SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                  MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                  SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                  SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                  SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):39488
                                  Entropy (8bit):6.751057397220933
                                  Encrypted:false
                                  SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                  MD5:DE2167A880207BBF7464BCD1F8BC8657
                                  SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                  SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                  SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):21568
                                  Entropy (8bit):6.4868701533420925
                                  Encrypted:false
                                  SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                  MD5:7C2959F705B5493A9701FFD9119C5EFD
                                  SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                  SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                  SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):163904
                                  Entropy (8bit):6.508553433039132
                                  Encrypted:false
                                  SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                  MD5:A63387A1BFDF760575B04B7BFD57FF89
                                  SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                  SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                  SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):69696
                                  Entropy (8bit):6.89860109289213
                                  Encrypted:false
                                  SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                  MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                  SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                  SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                  SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):155
                                  Entropy (8bit):4.618267268558291
                                  Encrypted:false
                                  SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                  MD5:9E5E954BC0E625A69A0A430E80DCF724
                                  SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                  SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                  SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                  Malicious:false
                                  Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1438
                                  Entropy (8bit):5.214662998532387
                                  Encrypted:false
                                  SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                  MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                  SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                  SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                  SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                  Malicious:false
                                  Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Java archive data (JAR)
                                  Category:dropped
                                  Size (bytes):3091908
                                  Entropy (8bit):6.633254981822853
                                  Encrypted:false
                                  SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                  MD5:0B3923ABB0D48FDAE7A2306717967B39
                                  SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                                  SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                                  SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                                  Malicious:false
                                  Preview:PK........s..H................META-INF/....PK........s..H<:S1D...D.......META-INF/MANIFEST.MFManifest-Version: 1.0..Created-By: 1.7.0_07 (Oracle Corporation)....PK...........HUi..............sun/nio/cs/ext/Big5.class.......4."..........t....t............................................................................................................................................................................................................................................................................................................................................................................~.........b2cSBStr...Ljava/lang/String;...ConstantValue...b2cStr...[Ljava/lang/String;...b2c...[[C...b2cSB...[C...b2cInitialized...Z...c2b...c2bIndex...c2bInitialized...<init>...()V...Code...LineNumberTable...historicalName...()Ljava/lang/String;...contains...(Ljava/nio/charset/Charset;)Z...StackMapTable...newDecoder..#()Ljava/nio/charset/CharsetDecoder;...newEncoder..#()Ljava/nio/charset/Ch
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):84355
                                  Entropy (8bit):4.927199323446014
                                  Encrypted:false
                                  SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                  MD5:7FC71A62D85CCF12996680A4080AA44E
                                  SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                  SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                  SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                  Malicious:false
                                  Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                  Category:dropped
                                  Size (bytes):51236
                                  Entropy (8bit):7.226972359973779
                                  Encrypted:false
                                  SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                  MD5:10F23396E21454E6BDFB0DB2D124DB85
                                  SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                  SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                  SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                  Category:dropped
                                  Size (bytes):632
                                  Entropy (8bit):3.7843698642539243
                                  Encrypted:false
                                  SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                  MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                  SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                  SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                  SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                  Category:dropped
                                  Size (bytes):1044
                                  Entropy (8bit):6.510788634170065
                                  Encrypted:false
                                  SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                  MD5:A387B65159C9887265BABDEF9CA8DAE5
                                  SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                  SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                  SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                  Category:dropped
                                  Size (bytes):274474
                                  Entropy (8bit):7.843290819622709
                                  Encrypted:false
                                  SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                  MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                  SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                  SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                  SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                  Category:dropped
                                  Size (bytes):3144
                                  Entropy (8bit):7.026867070945169
                                  Encrypted:false
                                  SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                  MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                  SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                  SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                  SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5824
                                  Entropy (8bit):5.074440246603207
                                  Encrypted:false
                                  SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                                  MD5:95AE170D90764B3F5E68C72E8C518DDC
                                  SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                                  SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                                  SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                                  Malicious:false
                                  Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):4122
                                  Entropy (8bit):3.2585384283455134
                                  Encrypted:false
                                  SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                                  MD5:F6258230B51220609A60AA6BA70D68F3
                                  SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                                  SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                                  SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Java archive data (JAR)
                                  Category:dropped
                                  Size (bytes):2282861
                                  Entropy (8bit):7.951223313727943
                                  Encrypted:false
                                  SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                  MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                  SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                  SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                  SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                  Malicious:false
                                  Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                  Category:dropped
                                  Size (bytes):14156
                                  Entropy (8bit):5.649187440261259
                                  Encrypted:false
                                  SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                  MD5:91052ADB799AEF68EA76931997C40CE4
                                  SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                  SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                  SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                  Malicious:false
                                  Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2917
                                  Entropy (8bit):4.838706790124659
                                  Encrypted:false
                                  SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                                  MD5:2EB9117D147BAA0578E4000DA9B29E12
                                  SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                                  SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                                  SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3338
                                  Entropy (8bit):4.919780187496773
                                  Encrypted:false
                                  SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                                  MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                                  SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                                  SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                                  SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3632
                                  Entropy (8bit):4.776451902180833
                                  Encrypted:false
                                  SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                                  MD5:72BDAE07C5D619E5849A97ACC6A1090F
                                  SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                                  SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                                  SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3441
                                  Entropy (8bit):4.832330268062187
                                  Encrypted:false
                                  SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                                  MD5:FFE3CC16616314296C3262B0A0E093CD
                                  SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                                  SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                                  SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3255
                                  Entropy (8bit):4.7050139579578145
                                  Encrypted:false
                                  SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                                  MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                                  SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                                  SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                                  SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6381
                                  Entropy (8bit):4.5983590678211135
                                  Encrypted:false
                                  SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                                  MD5:D830FC76BDD1975010ECE4C5369DADF8
                                  SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                                  SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                                  SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5744
                                  Entropy (8bit):4.781504394194986
                                  Encrypted:false
                                  SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                                  MD5:64DE22212EE92F29BCA3ACED72737254
                                  SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                                  SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                                  SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3317
                                  Entropy (8bit):4.869662880084367
                                  Encrypted:false
                                  SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                                  MD5:4078691AB22C4F0664856BE0C024A52F
                                  SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                                  SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                                  SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3441
                                  Entropy (8bit):4.927824210480987
                                  Encrypted:false
                                  SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                                  MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                                  SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                                  SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                                  SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4104
                                  Entropy (8bit):5.04197285715923
                                  Encrypted:false
                                  SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                                  MD5:823D1F655440C3912DD1F965A23363FC
                                  SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                                  SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                                  SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3784
                                  Entropy (8bit):5.17620120701776
                                  Encrypted:false
                                  SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                  MD5:4287D97616F708E0A258BE0141504BEB
                                  SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                  SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                  SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):3784
                                  Entropy (8bit):5.17620120701776
                                  Encrypted:false
                                  SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                  MD5:4287D97616F708E0A258BE0141504BEB
                                  SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                  SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                  SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                  Malicious:false
                                  Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:GIF image data, version 89a, 320 x 139
                                  Category:dropped
                                  Size (bytes):8590
                                  Entropy (8bit):7.910688771816331
                                  Encrypted:false
                                  SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                  MD5:249053609EAF5B17DDD42149FC24C469
                                  SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                  SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                  SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:GIF image data, version 89a, 640 x 278
                                  Category:dropped
                                  Size (bytes):15276
                                  Entropy (8bit):7.949850025334252
                                  Encrypted:false
                                  SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                                  MD5:CB81FED291361D1DD745202659857B1B
                                  SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                                  SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                                  SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:GIF image data, version 89a, 320 x 139
                                  Category:dropped
                                  Size (bytes):7805
                                  Entropy (8bit):7.877495465139721
                                  Encrypted:false
                                  SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                                  MD5:9E8F541E6CEBA93C12D272840CC555F8
                                  SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                                  SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                                  SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:GIF image data, version 89a, 640 x 278
                                  Category:dropped
                                  Size (bytes):12250
                                  Entropy (8bit):7.901446927123525
                                  Encrypted:false
                                  SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                                  MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                                  SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                                  SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                                  SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Java archive data (JAR)
                                  Category:dropped
                                  Size (bytes):187736
                                  Entropy (8bit):7.79606817499301
                                  Encrypted:false
                                  SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                                  MD5:13794986CA59819F6AF7BD70022D7F8F
                                  SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                                  SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                                  SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Java archive data (JAR)
                                  Category:dropped
                                  Size (bytes):187727
                                  Entropy (8bit):7.7958934328326075
                                  Encrypted:false
                                  SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                                  MD5:82C16750374D5CCA5FDAA9434BAF8143
                                  SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                                  SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                                  SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Java archive data (JAR)
                                  Category:dropped
                                  Size (bytes):3860522
                                  Entropy (8bit):7.9670916513081735
                                  Encrypted:false
                                  SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                                  MD5:AE86774D28F1C8270A9BCBD12A9A1865
                                  SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                                  SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                                  SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {2335A60F-1FC1-4624-8660-7FF24B44E22A}, Number of Words: 10, Subject: New Ar 3, Author: New Ar 3, Name of Creating Application: New Ar 3, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o New Ar 3., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Aug 20 16:46:26 2024, Last Saved Time/Date: Tue Aug 20 16:46:26 2024, Last Printed: Tue Aug 20 16:46:26 2024, Number of Pages: 450
                                  Category:dropped
                                  Size (bytes):67692544
                                  Entropy (8bit):7.9938526512443335
                                  Encrypted:true
                                  SSDEEP:1572864:EzvXF+e76KJ9I4OzKvmTq4aMh6zGORvApErPLpcNRc3xBKCU9:iP5J9I9GWhC7vApEXNC19
                                  MD5:D65F0B1D9D478F6785EDAECE2F04B92A
                                  SHA1:CDA3AD0A0C7C1C95497E2654978ED197E21C688F
                                  SHA-256:2A7A97FE1B769F2B74EBD66C447708F5B5BEB60BAD5A53D05D7F428770BA2F62
                                  SHA-512:CBBBC85BE36B465B65AF37F401D3F27ED1FA633BB8617EA10260AA80253E21EE3881887EB20D82494CD1EACDE845C1C8CCB9D664A929FECE9A6A6EAC44EF4D7D
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):925800
                                  Entropy (8bit):6.5962529078695535
                                  Encrypted:false
                                  SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                  MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                  SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                  SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                  SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):925800
                                  Entropy (8bit):6.5962529078695535
                                  Encrypted:false
                                  SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                  MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                  SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                  SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                  SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):925800
                                  Entropy (8bit):6.5962529078695535
                                  Encrypted:false
                                  SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                  MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                  SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                  SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                  SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):925800
                                  Entropy (8bit):6.5962529078695535
                                  Encrypted:false
                                  SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                  MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                  SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                  SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                  SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):925800
                                  Entropy (8bit):6.5962529078695535
                                  Encrypted:false
                                  SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                  MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                  SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                  SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                  SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):47601
                                  Entropy (8bit):5.470785752405066
                                  Encrypted:false
                                  SSDEEP:384:mrOY3MwH3OYOiCfFcW4Xc70J6CjpdvUlTODxdIz6DGKyHVn00QDLzWbFEqApywN8:mrtpHv5ujChhl8AHDx3z45
                                  MD5:9756E4C42D479BA11E23DB7B344E1649
                                  SHA1:9A7307C493A52F6580D87165BEC782F3046CCEC3
                                  SHA-256:B30B0DDFF67D2A321BDF8C9D3C714E21C1C49C44797561D0160AC9539C136732
                                  SHA-512:D000F6A28994FD4574BB0EEED5561290F774E96DC60D4DF943BD25DE59D8742A468CFD461A8AEF96050E049CEA75B1ABFD4BA2FF86DB8D0660E39A00178A040E
                                  Malicious:false
                                  Preview:...@IXOS.@.....@.s.Y.@.....@.....@.....@.....@.....@......&.{A8DC4BBE-5C2B-4373-AA6E-A0898522FA98}..New Ar 3..PGCTGZXFCD20242008.msi.@.....@.....@.....@........&.{2335A60F-1FC1-4624-8660-7FF24B44E22A}.....@.....@.....@.....@.......@.....@.....@.......@......New Ar 3......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@m....@.....@.]....&.{9DF256DC-2E1B-4AE9-AD36-A853530ADE87}4.C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\.@.......@.....@.....@......&.{6FDAD8C4-AC91-47D5-B050-1E22F667AF36}&.01:\Software\New Ar 3\New Ar 3\Version.@.......@.....@.....@......&.{FD5E4EA6-884C-4125-99E8-220F38755F5C}A.C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\Data.exe.@.......@.....@.....@......&.{ACED1E9F-A8CC-4F0A-BF34-E62BC5D4F8A2}H.C:\Users\user\AppData\Roaming\New Ar 3\New Ar 3\dist\jre\bin\awt.dll.@.......@.....@.....@......&.{BEC4F991-
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):20480
                                  Entropy (8bit):1.1686482657743638
                                  Encrypted:false
                                  SSDEEP:12:JSbX72FjJiAGiLIlHVRpRh/7777777777777777777777777vDHFK3M5+l0i8Q:JeQI5F8aF
                                  MD5:7DBA189878802FFA1853BFA398437865
                                  SHA1:830D95F7425B3FFD3C24A265CE0EC86E8557949C
                                  SHA-256:47B2406210120A8FD1B645224A28849A2521010A826F3A3B269425DCD1E012DC
                                  SHA-512:D109C266B0D613C91F0924309CA471C0C64CC7D3F508CCA11D5F86841BA537721ACB55A6E67C636CEB6F67F00774F41F6AABC8CE61365164239F3BC3BCD6E63B
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):20480
                                  Entropy (8bit):1.5364228344709994
                                  Encrypted:false
                                  SSDEEP:48:I8PhGuRc06WXJijT5S3nKVXNSLXTAEbCyIQuXNSLX/TxPG:XhG1ZjT0wxwCTqG
                                  MD5:986E9185C3A969C1AFC7B84F99716581
                                  SHA1:09C2076FB3876828849F7EAEB071E64CC9CE8F64
                                  SHA-256:C3B4DAD5A3C64035E477695237D92BA28DF7AFB6CAC66196FB6CD105EB9ADEF0
                                  SHA-512:D21D5608C8BCA38E6C108835C9F97B530BB41314AD78FEF83D0C4B09E8E0BF6311EC733E7C9874DD215454E9945F69BE4DACB217A82D14E1F44B85E9477DC5A1
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):360001
                                  Entropy (8bit):5.362998862547261
                                  Encrypted:false
                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauQ:zTtbmkExhMJCIpER
                                  MD5:B650B34F5194CB8C8F400CE1ED7D8A37
                                  SHA1:A5290FECA01B850FC145700FCB944658B1F9396A
                                  SHA-256:30755D11B2B21DB326EA410B468C201F001ADFD6DD5A98BA50FE198E2A3D2C9B
                                  SHA-512:D9C8BC8929A51D713FB69F9D13C8D3C1495888C830C539E4F34C0A5A57CE40595673E3AE8287A99335D10B37E26A7C22EC4F75F33FA548C6AFA2EAFEF3EE39CC
                                  Malicious:false
                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3::
                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3::
                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):20480
                                  Entropy (8bit):1.5364228344709994
                                  Encrypted:false
                                  SSDEEP:48:I8PhGuRc06WXJijT5S3nKVXNSLXTAEbCyIQuXNSLX/TxPG:XhG1ZjT0wxwCTqG
                                  MD5:986E9185C3A969C1AFC7B84F99716581
                                  SHA1:09C2076FB3876828849F7EAEB071E64CC9CE8F64
                                  SHA-256:C3B4DAD5A3C64035E477695237D92BA28DF7AFB6CAC66196FB6CD105EB9ADEF0
                                  SHA-512:D21D5608C8BCA38E6C108835C9F97B530BB41314AD78FEF83D0C4B09E8E0BF6311EC733E7C9874DD215454E9945F69BE4DACB217A82D14E1F44B85E9477DC5A1
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):32768
                                  Entropy (8bit):1.233985333976526
                                  Encrypted:false
                                  SSDEEP:48:B3OuLI+CFXJVT5K3nKVXNSLXTAEbCyIQuXNSLX/TxPG:tOptTswxwCTqG
                                  MD5:0CED71C69EB3EBBC205DE652A82B785A
                                  SHA1:6516246ADBE02572A612AC865AD3D44C6589247A
                                  SHA-256:4E140454B33DD973CEA0AF35C268DEB045C14D7227DB57040156F8B6BABDB417
                                  SHA-512:B0ED96B231CAD42E37CF91AABC642F6E5E386BBC6143DB4CB6920A4B929671BEBDD01B54FCFD1263D2D862F719DD71BB6AA35850D6F7D8CA91F5026F3D45342C
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):32768
                                  Entropy (8bit):0.07499544571274289
                                  Encrypted:false
                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOuoIx9N37H4tAVky6l+:2F0i8n0itFzDHFK3M5+
                                  MD5:137EE89A22F861AA9D1E344FFFF1BEFF
                                  SHA1:8983E2475D4FC23D1BAB93236A5D85006E1A02FE
                                  SHA-256:419C5972C0B415990FBA5E0DD89E56CFB77D18CBC85DE4D317580A2DA1DC97D0
                                  SHA-512:59B26E14F79ADA40D7311A85A6E240360702F97A98D0034BFE6EF078668E7BCC4065E223871E4B8BF3A66326CC7A3BE760E4F0F7BDA60ACE69AADFC06FBB5368
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3::
                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):32768
                                  Entropy (8bit):1.233985333976526
                                  Encrypted:false
                                  SSDEEP:48:B3OuLI+CFXJVT5K3nKVXNSLXTAEbCyIQuXNSLX/TxPG:tOptTswxwCTqG
                                  MD5:0CED71C69EB3EBBC205DE652A82B785A
                                  SHA1:6516246ADBE02572A612AC865AD3D44C6589247A
                                  SHA-256:4E140454B33DD973CEA0AF35C268DEB045C14D7227DB57040156F8B6BABDB417
                                  SHA-512:B0ED96B231CAD42E37CF91AABC642F6E5E386BBC6143DB4CB6920A4B929671BEBDD01B54FCFD1263D2D862F719DD71BB6AA35850D6F7D8CA91F5026F3D45342C
                                  Malicious:false
                                  Process:C:\Windows\System32\msiexec.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):73728
                                  Entropy (8bit):0.12688058470793134
                                  Encrypted:false
                                  SSDEEP:24:UtGCKePTxk40GNipVk40GDk40GNipVk40GTAEVkyjCyIQVgwGUE+2KRa:cGQPT3XNSLX9XNSLXTAEbCyIQsnKM
                                  MD5:0636583572B52A4DEBA692B985E578CD
                                  SHA1:4B5458ACA4D17EC307C5ED226AB78845253F4295
                                  SHA-256:410D6B92B38BC74B045E0FAEC32B34CDD5CF616C8FA173EB2C5896AA3E28B385
                                  SHA-512:5CFBED3502178979F80C7BCD4ED0811FC4225E94FDDD58E88C3DDAFB945B02954172FF91CBB9D08A5D8E15CA924D3CB121BD23E6BD1BFD232C0B9D14C093BDC3
                                  Malicious:false
                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {2335A60F-1FC1-4624-8660-7FF24B44E22A}, Number of Words: 10, Subject: New Ar 3, Author: New Ar 3, Name of Creating Application: New Ar 3, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o New Ar 3., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Aug 20 16:46:26 2024, Last Saved Time/Date: Tue Aug 20 16:46:26 2024, Last Printed: Tue Aug 20 16:46:26 2024, Number of Pages: 450
                                  Entropy (8bit):7.9938526512443335
                                  TrID:
                                  • Windows SDK Setup Transform Script (63028/2) 47.91%
                                  • Microsoft Windows Installer (60509/1) 46.00%
                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                  File name:PGCTGZXFCD20242008.msi
                                  File size:67'692'544 bytes
                                  MD5:d65f0b1d9d478f6785edaece2f04b92a
                                  SHA1:cda3ad0a0c7c1c95497e2654978ed197e21c688f
                                  SHA256:2a7a97fe1b769f2b74ebd66c447708f5b5beb60bad5a53d05d7f428770ba2f62
                                  SHA512:cbbbc85be36b465b65af37f401d3f27ed1fa633bb8617ea10260aa80253e21ee3881887eb20d82494cd1eacde845c1c8ccb9d664a929fece9a6a6eac44ef4d7d
                                  SSDEEP:1572864:EzvXF+e76KJ9I4OzKvmTq4aMh6zGORvApErPLpcNRc3xBKCU9:iP5J9I9GWhC7vApEXNC19
                                  TLSH:CAE73372B19B8116EA6D5176A93AEE2F44BE7F73033140E737A4BE0B09F98D061B5503
                                  Icon Hash:2d2e3797b32b2b99
                                  No network behavior found

                                  Target ID:0
                                  Start time:14:28:06
                                  Start date:20/08/2024
                                  Path:C:\Windows\System32\msiexec.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PGCTGZXFCD20242008.msi"
                                  Imagebase:0x7ff628360000
                                  File size:69'632 bytes
                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:2
                                  Start time:14:28:07
                                  Start date:20/08/2024
                                  Path:C:\Windows\System32\msiexec.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                  Imagebase:0x7ff628360000
                                  File size:69'632 bytes
                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:3
                                  Start time:14:28:09
                                  Start date:20/08/2024
                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E807D6F61E9082830029FEB9BC4A49AB
                                  Imagebase:0x400000
                                  File size:59'904 bytes
                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  No disassembly