Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CTGZXFCD179480408.msi

Overview

General Information

Sample name:CTGZXFCD179480408.msi
Analysis ID:1500450
MD5:efadb006e9fd7d8782e43bef2b67433d
SHA1:9480bd0be6c5b3251e311b1b5984089f2eb0eac2
SHA256:3c1aed8d9962dda98e0f08ce8ec2d42b0817c1dfd173d1e70e2f09ec8da4f7c5
Tags:147-45-116-5msi
Infos:

Detection

Score:25
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Creates autostart registry keys to launch java
Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 5880 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\CTGZXFCD179480408.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2104 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5344 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3D762178AF352014197687C1EC823CB3 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcr100.dllJump to behavior
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: jsdt.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: deploy.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: CTGZXFCD179480408.msi, MSICC5C.tmp.2.dr, MSICC2C.tmp.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: jjs.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: jp2launcher.exe.2.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: jfxwebkit.dll.2.drString found in binary or memory: ftp://http://base%.20s%ddefault%d%.20scopying
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: jfxwebkit.dll.2.drString found in binary or memory: http://exslt.org/common
Source: jfxwebkit.dll.2.drString found in binary or memory: http://exslt.org/commonnode-setdata-typexsltDoSortFunction:
Source: jfxwebkit.dll.2.drString found in binary or memory: http://icl.com/saxon
Source: jfxwebkit.dll.2.drString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://ocsp.thawte.com0
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://s2.symcb.com0
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://sv.symcd.com0&
Source: jfxwebkit.dll.2.drString found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://www.ifpi.org/isrc/
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.jclark.com/xt
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.khronos.org/registry/typedarray/specs/latest/#7
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://www.symauth.com/cps0(
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: http://www.symauth.com/rpa00
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/Templates:
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxpath
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: https://d.symcb.com/cps0%
Source: java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drString found in binary or memory: https://d.symcb.com/rpa0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5fc4a9.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICBBE.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC2C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC5C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC8C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICCCB.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{23AAF2F9-9F94-4486-A2DE-9628990674A1}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0B4.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSICBBE.tmpJump to behavior
Source: CTGZXFCD179480408.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs CTGZXFCD179480408.msi
Source: classification engineClassification label: sus25.winMSI@4/83@0/0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CMLD18A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF78C8ACCE5F25F1A2.TMPJump to behavior
Source: jfxwebkit.dll.2.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: jfxwebkit.dll.2.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: jfxwebkit.dll.2.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: jfxwebkit.dll.2.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: jfxwebkit.dll.2.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: jfxwebkit.dll.2.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE Origins (origin TEXT UNIQUE ON CONFLICT REPLACE, path TEXT);
Source: jfxwebkit.dll.2.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\CTGZXFCD179480408.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3D762178AF352014197687C1EC823CB3
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3D762178AF352014197687C1EC823CB3Jump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: CTGZXFCD179480408.msiStatic file information: File size 67692544 > 1048576
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcr100.dllJump to behavior
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: jsdt.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: deploy.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: CTGZXFCD179480408.msi, MSICC5C.tmp.2.dr, MSICC2C.tmp.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: jjs.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: jp2launcher.exe.2.dr
Source: jfxwebkit.dll.2.drStatic PE information: section name: .unwante
Source: msvcr100.dll.2.drStatic PE information: section name: .text entropy: 6.90903234258047
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICCCB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\Data.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\mlib_image.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2launcher.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.cplJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICBBE.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jaas_nt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_iio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dcpr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jjs.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC8C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2iexp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_font.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_font_t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC2C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\hprof.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\decora_sse.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\gstreamer-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsdt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfxwebkit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\deploy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jawt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\lcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java_crw_demo.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\bci.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java-rmi.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\eula.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\j2pkcs11.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\client\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_socket.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\deployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2native.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glass.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaws.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jabswitch.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fxplugins.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfxmedia.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jdwp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glib-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsoundds.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\kcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\awt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\j2pcsc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICCCB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC8C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICC2C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICBBE.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.cplJump to dropped file

Boot Survival

barindex
Creates autostart registry keys to launch java
Source: C:\Windows\System32\msiexec.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\42112CAB75FB99A42AA1B59724538D4F 9F2FAA3249F968442AED69829960471A C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICCCB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\Data.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\mlib_image.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2launcher.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.cplJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICBBE.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jaas_nt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_iio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dcpr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jjs.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICC8C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2iexp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_font.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_font_t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICC5C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSICC2C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\hprof.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\decora_sse.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\gstreamer-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsdt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfxwebkit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\deploy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jawt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\lcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java_crw_demo.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\bci.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java-rmi.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\j2pkcs11.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\eula.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\client\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\deployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_socket.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2native.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glass.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaws.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jabswitch.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fxplugins.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfxmedia.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jdwp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\kcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glib-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsoundds.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\awt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\j2pcsc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: deploy.dll.2.drBinary or memory string: [mwndProcID was NULL in mainLoop()wndProc(JIJJ)JNULL != hIcon../../src/common/windows/native/WindowsJavaTrayIcon.cppTrayNotifyWndShell_TrayWndUnable to Start Java Plug-in Control Panel%s\javacpl.exeJava Sys Tray
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		Windows Management Instrumentation1
DLL Side-Loading		2
Process Injection		31
Masquerading		OS Credential Dumping2
Process Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Software Packing		LSASS Memory11
Peripheral Device Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		2
Process Injection		Security Account Manager11
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
File Deletion		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1500450 Sample: CTGZXFCD179480408.msi Startdate: 28/08/2024 Architecture: WINDOWS Score: 25 5 msiexec.exe 123 111 2->5         started        9 msiexec.exe 2 2->9         started        file3 13 C:\Windows\Installer\MSICCCB.tmp, PE32 5->13 dropped 15 C:\Windows\Installer\MSICC8C.tmp, PE32 5->15 dropped 17 C:\Windows\Installer\MSICC5C.tmp, PE32 5->17 dropped 19 65 other files (none is malicious) 5->19 dropped 21 Creates autostart registry keys to launch java 5->21 11 msiexec.exe 5->11         started        signatures4 process5

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
CTGZXFCD179480408.msi0%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\Data.exe3%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\Data.exe0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge-32.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge-32.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge-32.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge-32.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\awt.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\awt.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\bci.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\bci.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\client\jvm.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\client\jvm.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dcpr.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dcpr.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\decora_sse.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\decora_sse.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\deploy.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\deploy.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_shmem.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_shmem.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_socket.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_socket.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\deployJava1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\deployJava1.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\npdeployJava1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\npdeployJava1.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\eula.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\eula.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fontmanager.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fontmanager.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fxplugins.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fxplugins.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glass.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glass.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glib-lite.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glib-lite.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\gstreamer-lite.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\gstreamer-lite.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\hprof.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\hprof.dll0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://www.symauth.com/rpa000%URL Reputationsafe
http://www.symauth.com/rpa000%URL Reputationsafe
http://exslt.org/common0%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://www.symauth.com/cps0(0%URL Reputationsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your0%Avira URL Cloudsafe
http://www.jclark.com/xt0%Avira URL Cloudsafe
ftp://http://base%.20s%ddefault%d%.20scopying0%Avira URL Cloudsafe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer0%Avira URL Cloudsafe
http://exslt.org/commonnode-setdata-typexsltDoSortFunction:0%Avira URL Cloudsafe
http://www.jclark.com/xt0%VirustotalBrowse
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd0%Avira URL Cloudsafe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD0%VirustotalBrowse
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your0%VirustotalBrowse
http://icl.com/saxon0%Avira URL Cloudsafe
http://exslt.org/commonnode-setdata-typexsltDoSortFunction:0%VirustotalBrowse
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer0%VirustotalBrowse
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.0%Avira URL Cloudsafe
http://icl.com/saxon0%VirustotalBrowse
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal0%VirustotalBrowse
http://xmlsoft.org/XSLT/Templates:0%Avira URL Cloudsafe
http://xmlsoft.org/XSLT/0%Avira URL Cloudsafe
http://xmlsoft.org/XSLT/namespace0%Avira URL Cloudsafe
http://tools.ietf.org/html/rfc3986#section-2.1.0%Avira URL Cloudsafe
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:0%VirustotalBrowse
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd0%VirustotalBrowse
http://xmlsoft.org/XSLT/namespace0%VirustotalBrowse
http://www.ifpi.org/isrc/0%Avira URL Cloudsafe
http://www.khronos.org/registry/typedarray/specs/latest/#70%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.0%VirustotalBrowse
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This0%VirustotalBrowse
http://www.ifpi.org/isrc/0%VirustotalBrowse
http://xmlsoft.org/XSLT/0%VirustotalBrowse
http://xmlsoft.org/XSLT/Templates:0%VirustotalBrowse
http://www.khronos.org/registry/typedarray/specs/latest/#70%VirustotalBrowse
http://tools.ietf.org/html/rfc3986#section-2.1.0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Yourgstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
ftp://http://base%.20s%ddefault%d%.20scopyingjfxwebkit.dll.2.drfalse
  • Avira URL Cloud: safe
unknown
http://www.jclark.com/xtjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTDjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.symauth.com/rpa00java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internalgstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://exslt.org/commonnode-setdata-typexsltDoSortFunction:jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamergstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://exslt.org/commonjfxwebkit.dll.2.drfalse
  • URL Reputation: safe
unknown
http://ocsp.thawte.com0java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drfalse
  • URL Reputation: safe
unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://icl.com/saxonjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Thisgstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.gstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://xmlsoft.org/XSLT/Templates:jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://xmlsoft.org/XSLT/jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://xmlsoft.org/XSLT/namespacejfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://tools.ietf.org/html/rfc3986#section-2.1.jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.symauth.com/cps0(java-rmi.exe.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, eula.dll.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, deploy.dll.2.dr, jp2launcher.exe.2.dr, fontmanager.dll.2.dr, javaws.exe.2.dr, jsdt.dll.2.dr, jjs.exe.2.drfalse
  • URL Reputation: safe
unknown
http://www.ifpi.org/isrc/gstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.khronos.org/registry/typedarray/specs/latest/#7jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1500450
Start date and time:2024-08-28 13:56:20 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:CTGZXFCD179480408.msi
Detection:SUS
Classification:sus25.winMSI@4/83@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge.dllPGCTGZXFCD20242008.msiGet hashmaliciousUnknownBrowse
    CloudInstaller.zipGet hashmaliciousUnknownBrowse
      uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
        uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
          Advanced_IP_Scanner_2.5.4594.1 (1).exeGet hashmaliciousUnknownBrowse
            New Soft Update.exeGet hashmaliciousUnknownBrowse
              https://uceg-klom.us21.list-manage.com/track/click?u=9b882a29c7ab3b3f6381abd18&id=56bb8add24&e=4fba4902f9xGet hashmaliciousUnknownBrowse
                https://cdn.discordapp.com/attachments/1174332456720154685/1174332513909477499/orderCase_21-50821.zipGet hashmaliciousUnknownBrowse
                  https://soft-got.host/vgc/NordVPN-10_11.zipGet hashmaliciousUnknownBrowse
                    C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge-32.dllPGCTGZXFCD20242008.msiGet hashmaliciousUnknownBrowse
                      CloudInstaller.zipGet hashmaliciousUnknownBrowse
                        uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
                          uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
                            Advanced_IP_Scanner_2.5.4594.1 (1).exeGet hashmaliciousUnknownBrowse
                              New Soft Update.exeGet hashmaliciousUnknownBrowse
                                https://uceg-klom.us21.list-manage.com/track/click?u=9b882a29c7ab3b3f6381abd18&id=56bb8add24&e=4fba4902f9xGet hashmaliciousUnknownBrowse
                                  https://cdn.discordapp.com/attachments/1174332456720154685/1174332513909477499/orderCase_21-50821.zipGet hashmaliciousUnknownBrowse
                                    https://soft-got.host/vgc/NordVPN-10_11.zipGet hashmaliciousUnknownBrowse

                                      Created / dropped Files

                                      C:\Config.Msi\5fc4ab.rbs

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):15889
                                      Entropy (8bit):5.372906969602752
                                      Encrypted:false
                                      SSDEEP:384:qdc8QpQpHARPKqGuKkWXvortTj43K8gs3CjUkDm8YjDf0ctiVnRfrpgQXP+RfFmW:qdc8QpQpgRPKqGuKkWXvortTj43Pgs3r
                                      MD5:D8A99163EDC983CBCE99D905C9C9D3EF
                                      SHA1:6CB7AB5DD512568F6096BBA4D346CA84186CE8B5
                                      SHA-256:7997CD0E53932E06EA6BE14EAFC18789540BE6DDEEB7F83FDDDD0631685619DC
                                      SHA-512:6A9FB9668447D0A1A76C614EC9C0C43E226917417D6F0460693766F836A2BCB2F75B70CFEA9490CA01087ECED04FF4EFE3096AB03DC247C0ED3F377F44A666B3
                                      Malicious:false
                                      Reputation:low
                                      Preview:...@IXOS.@.....@)?.Y.@.....@.....@.....@.....@.....@......&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}..New Ar 2..CTGZXFCD179480408.msi.@.....@.....@.....@........&.{E79220BD-86C9-4103-8556-768F713A30D4}.....@.....@.....@.....@.......@.....@.....@.......@......New Ar 2......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{9DF256DC-2E1B-4AE9-AD36-A853530ADE87}&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}.@......&.{6FDAD8C4-AC91-47D5-B050-1E22F667AF36}&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}.@......&.{FD5E4EA6-884C-4125-99E8-220F38755F5C}&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}.@......&.{ACED1E9F-A8CC-4F0A-BF34-E62BC5D4F8A2}&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}.@......&.{BEC4F991-BDDF-45A4-90CD-708EEEE8F639}&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}.@......&.{97F935A4-8ACA-497F-BCA3-4C4615653BB5}&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}.@......&.{7C4AEC67-A1D4-4874-B382-0

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\Data.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                      Category:dropped
                                      Size (bytes):32768
                                      Entropy (8bit):5.869022422210805
                                      Encrypted:false
                                      SSDEEP:384:9oI1gYZw33FUWUcC6TBhdsDgZH4o5NEvdlcn0ScPmPn0Avsl9EPg/s4Xsn+KvHKj:x7Zw33FNUf6Nhd/fQ1l+0vM0iT9
                                      MD5:DA5AFA3C2ABA02E621D4C0DA273AEA13
                                      SHA1:73B00FBC07570F0335D80AB37BA6FB3C516F5F88
                                      SHA-256:D3A8EC615FF512CBB743505BCC222AD6ED42E0CA41CFCC60226145557727DF62
                                      SHA-512:4822BC5069F05602AEB8769B273BD29852080A5F46EC51B7C38CA7CA1C205FF06456F9887579AFFBDFFEA4C6B0E64F4E256E49659F854D56BA8BD74DC0EA6029
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 3%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:low
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n.f.................b........................@..........................P............@... ..............................0.......@...............................................................................2...............................text....`.......b.................. .0`.data...@............f..............@.0..rdata...............h..............@.0@.bss....0.............................0..idata.......0.......n..............@.0..rsrc........@.......z..............@.0.................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge-32.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):14912
                                      Entropy (8bit):6.141852308272967
                                      Encrypted:false
                                      SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                      MD5:D63933F4E279A140CC2A941CCFF38348
                                      SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                      SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                      SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Joe Sandbox View:
                                      • Filename: PGCTGZXFCD20242008.msi, Detection: malicious, Browse
                                      • Filename: CloudInstaller.zip, Detection: malicious, Browse
                                      • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                      • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                      • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious, Browse
                                      • Filename: New Soft Update.exe, Detection: malicious, Browse
                                      • Filename: , Detection: malicious, Browse
                                      • Filename: , Detection: malicious, Browse
                                      • Filename: , Detection: malicious, Browse
                                      Reputation:moderate, very likely benign file
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.Z.[.Z.[.Z.[.A<..[.[.A<..Q.[.A<.._.[.S...X.[.Z.Z.D.[.A<..Y.[.A<..[.[.A<..[.[.A<..[.[.RichZ.[.................PE..L...yPjW...........!......................... .....m.........................`......em....@.........................`%......,"..P....@..x............"..@....P.. .... ............................... ..@............ ...............................text............................... ..`.rdata..d.... ......................@..@.data...`....0......................@....rsrc...x....@......................@..@.reloc..^....P....... ..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JAWTAccessBridge.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):14912
                                      Entropy (8bit):6.1347115439165085
                                      Encrypted:false
                                      SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                      MD5:B4EB9B43C293074406ADCA93681BF663
                                      SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                      SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                      SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Joe Sandbox View:
                                      • Filename: PGCTGZXFCD20242008.msi, Detection: malicious, Browse
                                      • Filename: CloudInstaller.zip, Detection: malicious, Browse
                                      • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                      • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                                      • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious, Browse
                                      • Filename: New Soft Update.exe, Detection: malicious, Browse
                                      • Filename: , Detection: malicious, Browse
                                      • Filename: , Detection: malicious, Browse
                                      • Filename: , Detection: malicious, Browse
                                      Reputation:moderate, very likely benign file
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.Z.[.Z.[.Z.[.A<..[.[.A<..Q.[.A<.._.[.S...X.[.Z.Z.D.[.A<..Y.[.A<..[.[.A<..[.[.A<..[.[.RichZ.[.................PE..L...zPjW...........!......................... .....m.........................`.......2....@.........................`%......,"..P....@..p............"..@....P.. .... ............................... ..@............ ...............................text............................... ..`.rdata..a.... ......................@..@.data...`....0......................@....rsrc...p....@......................@..@.reloc..^....P....... ..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge-32.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):128064
                                      Entropy (8bit):6.428684952829155
                                      Encrypted:false
                                      SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                      MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                      SHA1:006163A07052F3D227C2E541691691B4567F5550
                                      SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                      SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Reputation:moderate, very likely benign file
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[d.@:.N@:.N@:.N[..NB:.N[..NB:.N[..NK:.NIB.NE:.N@:.N{:.N[..NG:.N[..NA:.N[..NA:.N[..NA:.NRich@:.N........PE..L...rPjW...........!................#..............m................................p.....@.........................p...........P.......x...............@...........................................p...@............................................text............................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\JavaAccessBridge.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):127552
                                      Entropy (8bit):6.413283221897154
                                      Encrypted:false
                                      SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                      MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                      SHA1:6F77920776D39550355B146D672C199A3941F908
                                      SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                      SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[d.@:.N@:.N@:.N[..NB:.N[..NB:.N[..NK:.NIB.NE:.N@:.N{:.N[..NG:.N[..NA:.N[..NA:.N[..NA:.NRich@:.N........PE..L...sPjW...........!...............................m......................................@.........................@...........P.......p...............@...........................................H...@............................................text...n........................... ..`.rdata..............................@..@.data...............................@....rsrc...p...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\awt.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):1182272
                                      Entropy (8bit):6.63089480914076
                                      Encrypted:false
                                      SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                      MD5:159CCF1200C422CED5407FED35F7E37D
                                      SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                      SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                      SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.Q...?...?...?......?.......?.......?.z...?.......?.......?...>.;.?.....s.?.....w.?.......?.......?.......?.Rich..?.........................PE..L...nPjW...........!................,G.............m.........................P......Y.....@.................................,{...........N..............@....P......................................v..@............... ....V..`....................text...<........................... ..`.rdata.............................@..@.data...8....@...~...2..............@....rsrc....N.......P..................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\bci.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15424
                                      Entropy (8bit):6.380726588633652
                                      Encrypted:false
                                      SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                      MD5:A46289384F76C2A41BA7251459849288
                                      SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                      SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                      SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W..W..W../x.W...w.W..W..W....s.W...u.W...@.W...A.W...p.W...q.W...v.W..Rich.W..........................PE..L...nPjW...........!......................... .....m.........................`.......9....@..........................'......|$..<....@...............$..@....P....... ..............................8#..@............ ...............................text............................... ..`.rdata..v.... ......................@..@.data...p....0......................@....rsrc........@......................@..@.reloc.......P......."..............@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\client\Xusage.txt

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1447
                                      Entropy (8bit):4.228834598358894
                                      Encrypted:false
                                      SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                      MD5:F4188DEB5103B6D7015B2106938BFA23
                                      SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                      SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                      SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                      Malicious:false
                                      Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\client\jvm.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):3857984
                                      Entropy (8bit):6.850425436805504
                                      Encrypted:false
                                      SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                      MD5:39C302FE0781E5AF6D007E55F509606A
                                      SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                      SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                      SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$=.$`\.w`\.w`\.w{.Twb\.w..Pwf\.w{.Vwl\.w{.bwl\.wi$[wo\.w`\.w}].w{.cw-^.w{.Swa\.w{.Rwa\.w{.Uwa\.wRich`\.w........PE..L...nPjW...........!......,...........+.......,....m..........................<......q;...@...........................4.......4.......9.(.............:.@.... 9..G....,..............................t2.@.............,.P............................text.....+.......,................. ..`.rdata..Y.....,.......,.............@..@.data...d.....5..*....4.............@....rsrc...(.....9......"7.............@..@.reloc..\.... 9......(7.............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dcpr.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):142912
                                      Entropy (8bit):7.350682736920136
                                      Encrypted:false
                                      SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                      MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                      SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                      SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                      SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k..K.c.K.c.K.c.Br..I.c.P...H.c.P...I.c.P...N.c.K.b.m.c.P...m.c.P...J.c.P...J.c.P...J.c.RichK.c.........................PE..L...nPjW...........!.........Z......V.............Sm.........................@.......!....@.................................<...P.... ..................@....0..........................................@............................................text...n........................... ..`.rdata........... ..................@..@.data....+.......(..................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\decora_sse.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):64064
                                      Entropy (8bit):6.338192715882019
                                      Encrypted:false
                                      SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                                      MD5:B04ABE76C4147DE1D726962F86473CF2
                                      SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                                      SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                                      SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{.|.{.|.{.|..N..y.|.{.}.g.|.v.x.|.v.y.|.v.w.|.v.y.|....Z.|....z.|.v.z.|....z.|.Rich{.|.........................PE..L...nPjW...........!......... ......_.............Vm......................... .......*....@.....................................<.......................@...........................................(...@...............t............................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\deploy.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):453184
                                      Entropy (8bit):6.516599034237354
                                      Encrypted:false
                                      SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                                      MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                                      SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                                      SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                                      SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:...:...:.......:.e....:......:......:.....:....:....:...;.`.:......:.......:.......:.......:.Rich..:.................PE..L...oPjW...........!.........:......n.............Xm................................-.....@.........................@...\6..............................@.......|8..................................Xh..@...............X...8........................text............................... ..`.rdata...;.......<..................@..@.data...............................@....rsrc...............................@..@.reloc..ZE.......F..................@..B................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_shmem.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):25152
                                      Entropy (8bit):6.627329311560644
                                      Encrypted:false
                                      SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                                      MD5:72B7054811A72D9D48C95845F93FCD2C
                                      SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                                      SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                                      SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%..cK.cK.cK....cK....cK.cJ.cK....cK....cK....cK....cK....cK....cK.Rich.cK.........PE..L...nPjW...........!.....*...........4.......@....|m................................:6....@.........................0M.......H..<....p...............J..@............A...............................F..@............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......@..............@....rsrc........p.......B..............@..@.reloc..z............F..............@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dt_socket.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):21568
                                      Entropy (8bit):6.601333059222365
                                      Encrypted:false
                                      SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                                      MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                                      SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                                      SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                                      SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...'<8.>...'<:.>...'<..>...<...v...5.7.9...'<..1...'<?.=...'<>.=...'<9.=...Rich<...........................PE..L...nPjW...........!.................&.......0....}m................................F.....@..........................A..U....<..P....`...............<..@....p......@1..............................x;..@............0..(............................text............................... ..`.rdata.......0....... ..............@..@.data........P.......2..............@....rsrc........`.......4..............@..@.reloc.......p.......8..............@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\deployJava1.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):827456
                                      Entropy (8bit):6.022966185458799
                                      Encrypted:false
                                      SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                      MD5:E741028613B1FC49EC5A899BE6E3FC34
                                      SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                      SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                      SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Vu.'...t...t...t..Tt...t.lIt...t.lYt...t...t...t}bat...t..`t...t..at{..t..Qt...t..Pt...t..Wt...tRich...t................PE..L...pPjW...........!................T.............`m.....................................@.........................................P..................@....p..\^.....................................@...............X...........................text...,........................... ..`.rdata..8...........................@..@.data....t.......R..................@....rsrc........P......................@..@.reloc..zr...p...t..................@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\dtplugin\npdeployJava1.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):907328
                                      Entropy (8bit):6.160830535423145
                                      Encrypted:false
                                      SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                      MD5:4FD3548990CAF9771B688532DEF5DE48
                                      SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                      SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                      SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x...x...x....k..x...._..x....v..x....f..x...x...y....^..x....^..x....n..x....o..x....h..x..Rich.x..........................PE..L...nPjW...........!.................D.......0....mm................................t.....@..........................>......."..........................@........c...5..............................p...@............0..4............................text............................... ..`.rdata..T....0......................@..@.data...$Y...@...6...,..............@....rsrc................b..............@..@.reloc...g.......h...X..............@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\eula.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):109120
                                      Entropy (8bit):5.986571003903383
                                      Encrypted:false
                                      SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                      MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                      SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                      SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                      SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ot....Z...Z...Z..Z...ZC@.Z...Z..Z...Z..Z...Z.v.Z...Z.v.Z...Z...Z...Z.x.Z...Z..Z...Z..Z...Z..Z...Z..Z...ZRich...Z........................PE..L...oPjW...........!..............................~m......................................@.........................P...J............0...t..............@...........P...............................0...@............... ...d...`....................text............................... ..`.rdata...D.......F..................@..@.data...0...........................@....rsrc....t...0...v..................@..@.reloc...............|..............@..B........................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fontmanager.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):223296
                                      Entropy (8bit):6.501845596055873
                                      Encrypted:false
                                      SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                      MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                      SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                      SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                      SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......wG.s3&. 3&. 3&. .h. 0&. (.. 6&. :^. ;&. (.. 4&. 3&. n&. (.4 n&. (.5 "&. (.. 2&. (.. 2&. (.. 2&. Rich3&. ........PE..L...oPjW...........!.........~.....................m.................................e....@......................... ;.......1.......`...............P..@....p......................................@...@............................................text............................... ..`.rdata...O.......P..................@..@.data........@.......,..............@....rsrc........`.......8..............@..@.reloc..L....p.......<..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\fxplugins.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):151104
                                      Entropy (8bit):6.548096027649263
                                      Encrypted:false
                                      SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                      MD5:7A710F90A74981C2F060FA361D094822
                                      SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                      SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                      SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................5......7.....................&.......8.......#.....5.........................4......3.....6.....Rich....................PE..L...oPjW...........!................g..............m.........................p............@.........................0...P............@...............6..@....P..........................................@...............4............................text............................... ..`.rdata...g.......h..................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glass.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):200768
                                      Entropy (8bit):6.431501859060678
                                      Encrypted:false
                                      SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                      MD5:434CBB561D7F326BBEFFA2271ECC1446
                                      SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                      SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                      SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............g_..g_..g_..._..g_..._..g_..._..g_..._..g_aT._..g_aT._..g_aT._..g_..f_..g_..._..g_.._..g_.._..g_..._..g_.._..g_Rich..g_........................PE..L...oPjW...........!...............................m.........................0............@..........................l..................X&..............@........(......................................@...............<....^.......................text...\........................... ..`.rdata..............................@..@.data...\"..........................@....rsrc...X&.......(..................@..@.reloc...(.......*..................@..B................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\glib-lite.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):400960
                                      Entropy (8bit):6.165546757090391
                                      Encrypted:false
                                      SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                      MD5:767BBA46789597B120D01E48A685811E
                                      SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                      SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                      SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j..'..{t..{t..{t.g.t).{t#..t-.{t#..t".{t#..t".{t#..t,.{tS..ty.{t.8.t".{t..zt..{tS..t/.{t#..t/.{tS..t/.{tRich..{t................PE..L...oPjW...........!.....V...........=.......p.....m.........................P............@.............................^...............................@.... ..h'......................................@............p...............................text....T.......V.................. ..`.rdata...j...p...l...Z..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..h'... ...(..................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\gstreamer-lite.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):514112
                                      Entropy (8bit):6.805344203686025
                                      Encrypted:false
                                      SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                      MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                      SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                      SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                      SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Es.J$..J$..J$....N$..Gv..I$..Gv.G$..Gv..G$..Gv..H$..7]..%$.....B$..7]..H$..J$...%..7]..K$..Gv.K$..7].K$..RichJ$..........PE..L...pPjW...........!................g..............m......................................@..........................F.......I..........................@.......lT...................................E..@............................................text............................... ..`.rdata..............................@..@.data....0...`..."...D..............@....rsrc................f..............@..@.reloc..lT.......V...j..............@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\hprof.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):132672
                                      Entropy (8bit):6.708436670828807
                                      Encrypted:false
                                      SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                      MD5:6376B76728E4A873B2BB7233CBCD5659
                                      SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                      SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                      SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........vu^............8Y...............................o..............................................Rich............................PE..L...oPjW...........!.....z...x......_..............m......................... ......^.....@.............................i...|...d.......................@........................................... ...@...............d............................text...Ny.......z.................. ..`.rdata...N.......P...~..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\instrument.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):115776
                                      Entropy (8bit):6.787384437276838
                                      Encrypted:false
                                      SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                      MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                      SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                      SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                      SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........g0...c...c...c..c...c...c...cP..c...c.|.c...c.|.c...c.|.c...c.|.c...c.|.c...c.|.c...cRich...c........PE..L...oPjW...........!........................0.....m......................................@.........................@.......|...(.......................@...........p1.............................. ...@............0..0............................text...L........................... ..`.rdata...f...0...h..................@..@.data....,..........................@....rsrc...............................@..@.reloc..Z...........................@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\j2pcsc.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):16448
                                      Entropy (8bit):6.490137326885244
                                      Encrypted:false
                                      SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                      MD5:1F004C428E01F8BEB07B52EB9659A661
                                      SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                      SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                      SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3...w.x^w.x^w.x^...^v.x^l..^u.x^l..^u.x^l..^u.x^~..^r.x^w.y^[.x^l..^y.x^l..^v.x^l..^v.x^l..^v.x^Richw.x^........PE..L...oPjW...........!.........................0.....m.........................p.......!....@..........................7.......2..P....P...............(..@....`..`....0..............................`1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...h....@....... ..............@....rsrc........P......."..............@..@.reloc.......`.......&..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\j2pkcs11.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):51264
                                      Entropy (8bit):6.576803205025954
                                      Encrypted:false
                                      SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                      MD5:3A744B78C57CFADC772C6DE406B6B31E
                                      SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                      SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                      SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O^;w.?U$.?U$.?U$.G.$.?U$...$.?U$.?T$&?U$...$.?U$...$.?U$...$.?U$...$.?U$...$.?U$...$.?U$Rich.?U$........................PE..L...oPjW...........!.....v...8......l..............m................................O1....@.............................u...|...<.......................@.......................................... ...@............................................text...~t.......v.................. ..`.rdata...'.......(...z..............@..@.data...............................@....rsrc...............................@..@.reloc..V...........................@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jaas_nt.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):19520
                                      Entropy (8bit):6.452867740862137
                                      Encrypted:false
                                      SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                      MD5:503275E515E3F2770A62D11E386EADBF
                                      SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                      SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                      SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."..|fl./fl./fl./}.(/dl./}.*/gl./}../dl./o.'/al./fl./_l./}../kl./}.//gl./}../gl./}.)/gl./Richfl./................PE..L...pPjW...........!.........................0.....m.........................p............@..........................=.......8..d....P...............4..@....`..\....1...............................6..@............0...............................text............................... ..`.rdata..w....0......................@..@.data...`....@.......*..............@....rsrc........P.......,..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jabswitch.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):30784
                                      Entropy (8bit):6.413942547146628
                                      Encrypted:false
                                      SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                      MD5:530D5597E565654D378F3C87654CCABA
                                      SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                      SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                      SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............I...I...I..HI...I..JI...I..~I...I..GI...I...I..I...I...I..NI...I..II...IRich...I........PE..L....DjW.................0...,.......1.......@....@..................................<....@.................................dR..x....p...............`..@.......t....A...............................P..@............@..p............................text............0.................. ..`.rdata.......@.......4..............@..@.data........`.......N..............@....rsrc........p.......P..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java-rmi.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15936
                                      Entropy (8bit):6.466457942735197
                                      Encrypted:false
                                      SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                      MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                      SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                      SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                      SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW..................................... ....@..........................`......B.....@..................................#..P....@..\............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata..z.... ......................@..@.data........0......................@....rsrc...\....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):126528
                                      Entropy (8bit):6.8082748642937725
                                      Encrypted:false
                                      SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                      MD5:73BD0B62B158C5A8D0CE92064600620D
                                      SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                      SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                      SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!..r..r..r.W.r..r.W(r..r...r..r..(r..r...r..r.W.r..r..r..r.W)r..r.W.r..r.W.r..r.W.r..rRich..r................PE..L...qPjW...........!..... ...........(.......0.....m................................6N....@......................... u...B...U..........................@............5...............................S..@............0......<U..@....................text...b........ .................. ..`.rdata.......0.......$..............@..@.data...............................@....rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):191040
                                      Entropy (8bit):6.75061028420578
                                      Encrypted:false
                                      SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                      MD5:E3E51A21B00CDDE757E4247257AA7891
                                      SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                      SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                      SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+H..E...E...E.L.....E..E....E..E....E......E...D...E..E..{.E..E....E..E....E.Rich..E.........PE..L....DjW.....................&....................@..........................0......aN....@.................................L*..d.......................@............................................$..@............................................text...~........................... ..`.rdata...s.......t..................@..@.data....4...@....... ..............@....rsrc................6..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\java_crw_demo.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):23616
                                      Entropy (8bit):6.620094371728742
                                      Encrypted:false
                                      SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                      MD5:1C47DD47EBD106C9E2279C7FCB576833
                                      SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                      SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                      SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..v...v...v.....+.t...m'$.u...v...\...m'&.w...m'..t...m'..{...m'#.w...m'".w...m'%.w...Richv...................PE..L...wPjW...........!.....*...........4.......@.....m................................F.....@..........................I..|....E..<....`...............D..@....p.......@...............................D..@............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data...(....P.......:..............@....rsrc........`.......<..............@..@.reloc..^....p.......@..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.cpl

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):160256
                                      Entropy (8bit):6.469497559123052
                                      Encrypted:false
                                      SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                      MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                      SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                      SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                      SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d6.. We. We. We.;...9We.;...We.)/..)We. Wd..We.O!.(We.;...We.;...!We.;...!We.;...!We.Rich We.........................PE..L....HjW...........!.....r...........q....................................................@.............................Z.......d.... ..............................@...................................@............................................text....p.......r.................. ..`.rdata..jH.......J...v..............@..@.data...,3..........................@....rsrc........ ......................@..@.reloc..@............T..............@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javacpl.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):70208
                                      Entropy (8bit):6.353501201479367
                                      Encrypted:false
                                      SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                      MD5:C2A59C7343D370BC57765896490331E5
                                      SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                      SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                      SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._...1...1...1..9....1.j...1..9....1..9...1.....1...0.q.1.....1..9....1..9....1..9....1.Rich..1.................PE..L....HjW.................B...........B.......`....@..........................@......5C....@..................................}..x.......................@....0.......b...............................u..@............`......@{.......................text...,@.......B.................. ..`.rdata..x'...`...(...F..............@..@.data................n..............@....rsrc................p..............@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_font.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):57408
                                      Entropy (8bit):6.6711491011490285
                                      Encrypted:false
                                      SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                                      MD5:AEADA06201BB8F5416D5F934AAA29C87
                                      SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                                      SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                                      SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................I2.......(.......*.....................\.:.....\.>...............................)...............+.....Rich............PE..L...tPjW...........!.....r...V.......w.............m......................................@.........................@...x...............................@.......8.......................................@...............4............................text....p.......r.................. ..`.rdata...@.......B...v..............@..@.data...............................@....rsrc...............................@..@.reloc..8...........................@..B................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_font_t2k.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):446528
                                      Entropy (8bit):6.603555069382601
                                      Encrypted:false
                                      SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                                      MD5:8AE40822B18B10494527CA3842F821D9
                                      SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                                      SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                                      SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f.4Z..gZ..gZ..g.}g^..gWUggX..gWUeg\..gWUZgW..gWU[g_..g..qg]..gZ..g...g'~Zg~..g'~[g...g'~fg[..gWUag[..g'~dg[..gRichZ..g........PE..L...uPjW...........!..............................m......................................@.........................@..........d.......................@........%...................................\..@...............,............................text...{........................... ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc...%.......&..................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javafx_iio.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):126016
                                      Entropy (8bit):6.608910794554507
                                      Encrypted:false
                                      SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                                      MD5:01706B7997730EAA9E2C3989A1847CA6
                                      SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                                      SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                                      SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........y.r.*.r.*.r.*O..*.r.*.r.*.r.*. .*.r.*. .*.r.*. 0*.r.*. 1*.r.*..0*.r.*...*.r.*. .*.r.*...*.r.*Rich.r.*........PE..L...vPjW...........!.........:.....................m................................c.....@.....................................<.......................@.......\...................................0...@............................................text... ........................... ..`.rdata..8(.......*..................@..@.data...............................@....rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaw.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):191552
                                      Entropy (8bit):6.744419946343284
                                      Encrypted:false
                                      SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                                      MD5:48C96771106DBDD5D42BBA3772E4B414
                                      SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                                      SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                                      SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v...%...%...%..w%...%.7D%...%.7q%...%..|%...%...%...%.7E%*..%.7u%...%.7r%...%Rich...%........................PE..L....DjW.....................(...................@..........................0............@.................................\*..d.......................@............................................$..@............................................text............................... ..`.rdata...t.......v..................@..@.data....4...@......."..............@....rsrc................8..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\javaws.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):269888
                                      Entropy (8bit):6.418120581797452
                                      Encrypted:false
                                      SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                                      MD5:F8211DB97BF852C3292C3E9C710C19D9
                                      SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                                      SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                                      SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a..L%...%...%...>c..8...J.4.-...,.......%.......>c5.....>c4.....>c..$...>c..$...Rich%...................PE..L...rGjW.................t...........C............@..................................a....@.................................L...x.......................@.......8................................... ...@...............h...T........................text....r.......t.................. ..`.rdata...c.......d...x..............@..@.data...8........z..................@....rsrc................V..............@..@.reloc..>-..........................@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jawt.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):13888
                                      Entropy (8bit):6.274978807671468
                                      Encrypted:false
                                      SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                                      MD5:0291BA5765EE11F36C0040B1F6E821FB
                                      SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                                      SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                                      SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X"._9LR_9LR_9LRD..R^9LRD..RS9LRD..RZ9LRVA.R]9LR_9MR|9LRD..R\9LRD..R^9LRD..R^9LRD..R^9LRRich_9LR........PE..L...xPjW...........!......................... .....m.........................`............@..........................&..J...\"..P....@..................@....P..@.... ...............................!..@............ ...............................text............................... ..`.rdata..Z.... ......................@..@.data...`....0......................@....rsrc........@......................@..@.reloc..t....P......................@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jdwp.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):163904
                                      Entropy (8bit):6.783788147675078
                                      Encrypted:false
                                      SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                      MD5:6E08D65F5CBB85E51010F36A84FC181D
                                      SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                      SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                      SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#..cp..cp..cp...p..cp...p..cp.D.p..cp..bp..cp.D.p..cp.D.p..cp.D.p..cp.D.p..cp.D.p..cp.D.p..cpRich..cp........................PE..L...{PjW...........!...............................m......................................@......................... ?..h...|9..<....P...............h..@....`...)..@...............................(8..@...............,............................text............................... ..`.rdata..._.......`..................@..@.data...0....@.......4..............@....rsrc........P.......8..............@..@.reloc...+...`...,...<..............@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfr.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):22592
                                      Entropy (8bit):6.620820751411794
                                      Encrypted:false
                                      SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                      MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                      SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                      SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                      SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W..W..W../j.W...e.W..W..W....a.W...g.W...R.W...S.W...b.W...c.W...d.W..Rich.W..........PE..L...|PjW...........!........."......T&.......0.....m.................................O....@.........................`>.......:..<....`...............@..@....p.. ....0...............................9..@............0...............................text...^........................... ..`.rdata..p....0....... ..............@..@.data........P.......6..............@....rsrc........`.......8..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfxmedia.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):115264
                                      Entropy (8bit):6.588792190592223
                                      Encrypted:false
                                      SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                      MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                      SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                      SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                      SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............l..l..l..>7..l..>...l..>5..l..>...l...#..l..5..l..l.zl.....l.....l..4..l..>3..l..6..l.Rich.l.........PE..L...}PjW...........!.........|......],.......@.....m................................~.....@.....................................x.......................@............................................h..@............@...............................text....-.......................... ..`.rdata..4Z...@...\...2..............@..@.data...4...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jfxwebkit.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):33934912
                                      Entropy (8bit):6.35314231534845
                                      Encrypted:false
                                      SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                      MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                      SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                      SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                      SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O..z!..z!..z!.c...z!..(...z!..(...z!......z!..z!..z!..(..hz!..(...z!......z!. ...z!..z ..{!......p!......z!..(...z!......z!.Rich.z!.................PE..L...~PjW...........!......... $....................m......................................@.................................X...x.......@...............@..............................................@............................................text.............................. ..`.rdata...E.......F..................@..@.data..............................@....unwante............................@..@.rsrc...@...........................@..@.reloc.............................@..B........................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jjs.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15936
                                      Entropy (8bit):6.475020301731584
                                      Encrypted:false
                                      SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                      MD5:4F11D43AA2215CE771DA528878F01C8E
                                      SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                      SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                      SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......C....@.................................$#..P....@..@............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...@....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jli.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):158784
                                      Entropy (8bit):6.816453355323999
                                      Encrypted:false
                                      SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                      MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                      SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                      SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                      SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................6...........0.....=............7....5.....4.....3....Rich............PE..L....PjW...........!...............................o................................Y.....@..........................3..m....*..d....................T..@............................................#..@............................................text...~........................... ..`.rdata...u.......v..................@..@.data....4...@......."..............@....rsrc................6..............@..@.reloc.."............:..............@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2iexp.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):207424
                                      Entropy (8bit):6.630800216665857
                                      Encrypted:false
                                      SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                      MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                      SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                      SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                      SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D.*...*...*.......*.......*.;....*.......*.......*...+...*.......*.......*.......*.......*.......*.......*.Rich..*.........................PE..L....PjW...........!.........>.....................o.........................P............@.............................................................@......../...................................C..@...............|...........................text.../........................... ..`.rdata..............................@..@.data....,.......&..................@....rsrc...............................@..@.reloc...6.......8..................@..B........................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2launcher.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):82496
                                      Entropy (8bit):6.597347722250847
                                      Encrypted:false
                                      SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                      MD5:5F85F7F2DFAC397D642834B61809240F
                                      SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                      SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                      SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-..C..C..C.....C..3..C.v...C..3..C..B.X.C.....C..3..C..3...C..3..C..3..C.Rich.C.........PE..L....HjW............................1.............@.................................cE....@.................................\...x....`..H............*..@....p..h.......................................@............................................text............................... ..`.rdata...C.......D..................@..@.data....0... ......................@....rsrc...H....`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2native.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):19008
                                      Entropy (8bit):6.372096409611824
                                      Encrypted:false
                                      SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                      MD5:4023E25F92B5F13E792901BF112A8EA2
                                      SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                      SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                      SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~fQ.~fQ.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQ.~gQ.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQRich.~fQ................PE..L....PjW...........!.........................0.....o.........................p.......8....@..........................8......43..P....P...............2..@....`.......1..............................P1..@............0.......2..@....................text............................... ..`.rdata..T....0......................@..@.data........@.......&..............@....rsrc........P.......*..............@..@.reloc..J....`......................@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jp2ssv.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):186944
                                      Entropy (8bit):6.612459610032652
                                      Encrypted:false
                                      SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                      MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                      SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                      SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                      SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B.+.#.x.#.x.#.x.mGx.#.x..Ax.#.x..ux3#.x.[Lx.#.x.[\x.#.x.#.x #.x.Utx.#.x..tx.#.x..Dx.#.x..Ex.#.x..Bx.#.xRich.#.x................PE..L....PjW...........!................K........ .....o................................,j....@................................. ...d.......................@............"...............................f..@............ ..P...L|.......................text...\........................... ..`.rdata...m... ...n..................@..@.data....5...........z..............@....rsrc...............................@..@.reloc...%.......&..................@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jpeg.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):145984
                                      Entropy (8bit):6.69725055196282
                                      Encrypted:false
                                      SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                      MD5:4294D39CC9E5F23754D41B9DDE710112
                                      SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                      SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                      SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........:.j.i.j.i.j.i..5i.j.i..8i.j.i...i.j.i..:i.j.i.j.i.j.i...i.j.i..=i.j.i..<i.j.i..;i.j.iRich.j.i................PE..L....PjW...........!.........P......)..............o.........................`............@.........................."..X.......P....@..............."..@....P..........................................@............................................text...N........................... ..`.rdata...9.......:..................@..@.data........0......................@....rsrc........@......................@..@.reloc..4....P......................@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsdt.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):16448
                                      Entropy (8bit):6.482296988184946
                                      Encrypted:false
                                      SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                      MD5:4BDF31D370F8A893A22820A3B291CC1D
                                      SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                      SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                      SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{.m..d>..d>..d>.b.>..d>...>..d>..e>..d>...>..d>...>..d>...>..d>...>..d>...>..d>...>..d>Rich..d>........................PE..L....PjW...........!.........................0.....o.........................p......n.....@.........................P8..:....4..<....P...............(..@....`.......0...............................3..@............0...............................text............................... ..`.rdata.......0......................@..@.data...`....@....... ..............@....rsrc........P......."..............@..@.reloc.......`.......&..............@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsound.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):30784
                                      Entropy (8bit):6.609051738644882
                                      Encrypted:false
                                      SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                      MD5:7BD914407C6D236B27865A8C63147B7F
                                      SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                      SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                      SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.Nu.h &.h &.h &...&.h &...&.h &...&.h &.h!&_h &...&.h &...&.h &...&.h &...&.h &...&.h &Rich.h &........PE..L....PjW...........!.....8...(.......A.......P.....o.................................G....@.........................P^.......V..P....................`..@...........`Q...............................U..@............P..D............................text...66.......8.................. ..`.rdata.. ....P.......<..............@..@.data...$....p.......V..............@....rsrc................X..............@..@.reloc...............\..............@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\jsoundds.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):27712
                                      Entropy (8bit):6.6264206752006825
                                      Encrypted:false
                                      SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                      MD5:6280201C1918EA3293919BB282D2B563
                                      SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                      SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                      SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q...q...q.......q.......q.......q...q...q....=..q....<..q.......q.......q.......q..Rich.q..........................PE..L....PjW...........!.....6...$.......?.......P.....o................................p;....@.........................0Y.......S.......p...............T..@.......0....Q...............................R..@............P...............................text...f4.......6.................. ..`.rdata.......P.......:..............@..@.data...L....`.......J..............@....rsrc........p.......L..............@..@.reloc...............P..............@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\kcms.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):178240
                                      Entropy (8bit):6.793245389378621
                                      Encrypted:false
                                      SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                      MD5:BF299F73480AF97A750492E043D1FADD
                                      SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                      SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                      SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:..di..di..di.k.i..di.k.i..di...i..di.k.i..di..ei..di.k.i..di.k.i..di.k.i..di.k.i..diRich..di................PE..L...pPjW...........!.....^...F.......g.......p.....o.................................Z....@.............................d....x..P.......h...............@....... ...`q..............................pw..@............p..H............................text....\.......^.................. ..`.rdata.......p.......b..............@..@.data................v..............@....rsrc...h...........................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\keytool.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15936
                                      Entropy (8bit):6.474237923131844
                                      Encrypted:false
                                      SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                      MD5:9A4CF09834F086568DF469E3F670BF07
                                      SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                      SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                      SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......@....@.................................4#..P....@..T............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...T....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\kinit.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15936
                                      Entropy (8bit):6.477340414037824
                                      Encrypted:false
                                      SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                      MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                      SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                      SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                      SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`............@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\klist.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15936
                                      Entropy (8bit):6.477747126356611
                                      Encrypted:false
                                      SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                      MD5:CA17B8CBD623477C5D1D334B79890225
                                      SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                      SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                      SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`....... ....@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\ktab.exe

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):15936
                                      Entropy (8bit):6.476844183458217
                                      Encrypted:false
                                      SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                      MD5:B4AD335E868693F009B7644E2ED555C1
                                      SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                      SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                      SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`......{.....@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\lcms.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):185920
                                      Entropy (8bit):6.517453559791758
                                      Encrypted:false
                                      SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                      MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                      SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                      SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                      SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AE.m.$z>.$z>.$z>.\.>.$z>...>.$z>...>.$z>...>.$z>.${>T$z>...>"$z>...>.$z>...>.$z>...>.$z>Rich.$z>........................PE..L...pPjW...........!.................%.......0.....o......................................@..........................P..h...LK..d.......................@.......$... 1...............................I..@............0...............................text............................... ..`.rdata..H#...0...$... ..............@..@.data....h...`...\...D..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\management.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):33344
                                      Entropy (8bit):6.5580840927675945
                                      Encrypted:false
                                      SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                      MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                      SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                      SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                      SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\j.29.29.29w..9.29...9.29...9.29..9.29...9.29.39..29...9..29...9.29...9.29...9.29Rich.29........PE..L...pPjW...........!.....,...>......H6.......@.....o................................T.....@..........................T.......K.......................j..@...........pA..............................XJ..@............@..P............................text...^+.......,.................. ..`.rdata...-...@.......0..............@..@.data...@....p.......^..............@....rsrc................`..............@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\mlib_image.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):574528
                                      Entropy (8bit):6.508068830472597
                                      Encrypted:false
                                      SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                      MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                      SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                      SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                      SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y...8i.8i.8i.@..8i....8i.8h.8i....8i....8i.....8i....8i....8i....8i.Rich.8i.........PE..L...pPjW...........!...............................o.....................................@......................... ..."......<.......................@...........................................p...@............................................text............................... ..`.rdata..B...........................@..@.data...,...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcp120.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):455328
                                      Entropy (8bit):6.698367093574994
                                      Encrypted:false
                                      SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                      MD5:FD5CABBE52272BD76007B68186EBAF00
                                      SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                      SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                      SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N*.Nm.gN*.Nm.bN*.NRich+.N........................PE..L....|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\msvcr100.dll

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):773968
                                      Entropy (8bit):6.901569696995594
                                      Encrypted:false
                                      SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                      MD5:BF38660A9125935658CFA3E53FDC7D65
                                      SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                      SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                      SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                      Malicious:false
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L..."._M.........."!.........................0.....x................................u.....@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\5fc4a9.msi

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {E79220BD-86C9-4103-8556-768F713A30D4}, Number of Words: 10, Subject: New Ar 2, Author: New Ar 2, Name of Creating Application: New Ar 2, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o New Ar 2., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Aug 19 15:57:00 2024, Last Saved Time/Date: Mon Aug 19 15:57:00 2024, Last Printed: Mon Aug 19 15:57:00 2024, Number of Pages: 450
                                      Category:dropped
                                      Size (bytes):67692544
                                      Entropy (8bit):7.9938535258637184
                                      Encrypted:true
                                      SSDEEP:1572864:zbvXF+e76KJ9I4OzKvmTq4aMh6zGORvApErPLpcNRc3xBKHR:3P5J9I9GWhC7vApEXNCH
                                      MD5:EFADB006E9FD7D8782E43BEF2B67433D
                                      SHA1:9480BD0BE6C5B3251E311B1B5984089F2EB0EAC2
                                      SHA-256:3C1AED8D9962DDA98E0F08CE8EC2D42B0817C1DFD173D1E70E2F09EC8DA4F7C5
                                      SHA-512:A87A0CD993CB185306DA4D8EB386125C2D2588386A94F4C7806BB4F035C4B8B4A7D2EBAB2B2108A417A65ECA4A72472C984E13D578E0A770E7CD49114BB4D7E0
                                      Malicious:false
                                      Preview:......................>...........................................}...........J.......f.......s...............................................................i.......&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...............6...............................)...8........................................................................... ...!..."...#...$...%...&...'...(...0...*...+...,...-......./...5...1...2...3...4...9...7.......@...D...:...;...<...=...>...?...B...A...C...N.......E...F...G...H...I...Y.......L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                      C:\Windows\Installer\MSICBBE.tmp

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:modified
                                      Size (bytes):925800
                                      Entropy (8bit):6.5962529078695535
                                      Encrypted:false
                                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                      Malicious:false
                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\MSICC2C.tmp

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):925800
                                      Entropy (8bit):6.5962529078695535
                                      Encrypted:false
                                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                      Malicious:false
                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\MSICC5C.tmp

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):925800
                                      Entropy (8bit):6.5962529078695535
                                      Encrypted:false
                                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                      Malicious:false
                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\MSICC8C.tmp

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):925800
                                      Entropy (8bit):6.5962529078695535
                                      Encrypted:false
                                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                      Malicious:false
                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\MSICCCB.tmp

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):925800
                                      Entropy (8bit):6.5962529078695535
                                      Encrypted:false
                                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                      Malicious:false
                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\MSID0B4.tmp

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):47312
                                      Entropy (8bit):5.48306001168432
                                      Encrypted:false
                                      SSDEEP:384:vd/uQPwsPTKsuxWuUUFAWsXc70J6CjpdvUlTODxdIz6DGKyHVn00QDLzWbFEqAp2:vd/xJPz1ofKhhNEMLbxvgb4dy
                                      MD5:46D9631AE7FD6B013CD3A4DEA968F2DA
                                      SHA1:516971C15E8843B76D345451D7CB4265F2F96536
                                      SHA-256:F0F96C6889290245C6408D035C9020063E50B8A962B7F2C6888749BD89AD83EE
                                      SHA-512:CC67CD28CDAC6D9850E69967387F50B208467F1CEF9E7C22BB49559A68309D3FCE6CF071837EAB0DECE49949D6232E73A611B51416F364A4307431B654ED9C60
                                      Malicious:false
                                      Preview:...@IXOS.@.....@)?.Y.@.....@.....@.....@.....@.....@......&.{23AAF2F9-9F94-4486-A2DE-9628990674A1}..New Ar 2..CTGZXFCD179480408.msi.@.....@.....@.....@........&.{E79220BD-86C9-4103-8556-768F713A30D4}.....@.....@.....@.....@.......@.....@.....@.......@......New Ar 2......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@m....@.....@.]....&.{9DF256DC-2E1B-4AE9-AD36-A853530ADE87}2.C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\.@.......@.....@.....@......&.{6FDAD8C4-AC91-47D5-B050-1E22F667AF36}&.01:\Software\New Ar 2\New Ar 2\Version.@.......@.....@.....@......&.{FD5E4EA6-884C-4125-99E8-220F38755F5C}?.C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\Data.exe.@.......@.....@.....@......&.{ACED1E9F-A8CC-4F0A-BF34-E62BC5D4F8A2}F.C:\Users\user\AppData\Roaming\New Ar 2\New Ar 2\dist\jre\bin\awt.dll.@.......@.....@.....@......&.{BEC4F991-BDDF-45

                                      C:\Windows\Installer\SourceHash{23AAF2F9-9F94-4486-A2DE-9628990674A1}

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Composite Document File V2 Document, Cannot read section info
                                      Category:dropped
                                      Size (bytes):20480
                                      Entropy (8bit):1.167243326662843
                                      Encrypted:false
                                      SSDEEP:12:JSbX72FjjGiAGiLIlHVRpwh/7777777777777777777777777vDHFNFuO7jXl0i5:JRJQI5Y5uVF
                                      MD5:DE222407C4DB2AF06A85C3D77CC4C641
                                      SHA1:B637FCAB4F019200919101FB6CE8AA988A21F950
                                      SHA-256:BBE2FD2757403FA05CD51988D77020B5D5231FCC5D73830CF4A65BE7B54480AF
                                      SHA-512:62CECBAFDD32B67E46781CD99E21E4612BF0D16AEFC3A2B6D484520C6A36956C6D57350A9EBAB500F661BBBBC3CCB554688380BD24FFE1C9FCD53A6F714EF05D
                                      Malicious:false
                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Installer\inprogressinstallinfo.ipi

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Composite Document File V2 Document, Cannot read section info
                                      Category:dropped
                                      Size (bytes):20480
                                      Entropy (8bit):1.5324756905155912
                                      Encrypted:false
                                      SSDEEP:48:B8PhFuRc06WXJEFT5g67YmqS7mYAErCyILNmqS7mmTh1pR:chF1HFTro5wC5Ap
                                      MD5:D873D6EC93325838E49D6F042DBCE716
                                      SHA1:D58EF9A93D53ED162A9CBD511FDA98A2BC3219F1
                                      SHA-256:FEB16CDFF2899AFBC68EB7F941A87DD8C8E2957F46900D0C1E46AD06CDC2698B
                                      SHA-512:F79767F5FF461D145EF06733140B6F9E2CA8675EC558E6B4585D0C570A073F20CB7961768B637844BEF434A825301782E9D4AE36A7993A3498128B5948698269
                                      Malicious:false
                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):364484
                                      Entropy (8bit):5.365500832872693
                                      Encrypted:false
                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau6:zTtbmkExhMJCIpEJ
                                      MD5:06A82F370FDC3C6A9542465CBAE5BE5D
                                      SHA1:0293647F09F4A78FCCCEEDF6B3F0E01FDAA07061
                                      SHA-256:C59BB47C1DF2F3A7586BEB1FD8DEE2245ADCC79003B090BD7845600AEC0F3ACF
                                      SHA-512:6705ACB5F609E67BD09E01E08813E3BF7B85E917B1372B577A859BADD96DEBC36B6BDC5055D9F5E780D426C987C38251B5B311680AB2E71AF09418165EED166C
                                      Malicious:false
                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                      C:\Windows\Temp\~DF02E8C2005A241948.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Composite Document File V2 Document, Cannot read section info
                                      Category:dropped
                                      Size (bytes):32768
                                      Entropy (8bit):1.230735692886628
                                      Encrypted:false
                                      SSDEEP:48:cG9ulO+CFXJ5T5NK67YmqS7mYAErCyILNmqS7mmTh1pR:j9ZhTHo5wC5Ap
                                      MD5:4E843B93B524FC70574E06A74005631F
                                      SHA1:4F2DD20BE32C9E5A0A87C50A028378738AF544BE
                                      SHA-256:D063ED11F1534359D49241C820E26055FD666109C032EE75C66FEA3973FADAD4
                                      SHA-512:3047847452049E8FB543A5D045C4A30F807AC474B5646B402AEE660A9A7504031CB3DACDC90152DFEE2C7E26E900430E14C3D19797D6635E02C5372009F62CA4
                                      Malicious:false
                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DF057C98EAECF9DA0F.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Composite Document File V2 Document, Cannot read section info
                                      Category:dropped
                                      Size (bytes):32768
                                      Entropy (8bit):1.230735692886628
                                      Encrypted:false
                                      SSDEEP:48:cG9ulO+CFXJ5T5NK67YmqS7mYAErCyILNmqS7mmTh1pR:j9ZhTHo5wC5Ap
                                      MD5:4E843B93B524FC70574E06A74005631F
                                      SHA1:4F2DD20BE32C9E5A0A87C50A028378738AF544BE
                                      SHA-256:D063ED11F1534359D49241C820E26055FD666109C032EE75C66FEA3973FADAD4
                                      SHA-512:3047847452049E8FB543A5D045C4A30F807AC474B5646B402AEE660A9A7504031CB3DACDC90152DFEE2C7E26E900430E14C3D19797D6635E02C5372009F62CA4
                                      Malicious:false
                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DF180D681D550E56B4.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):32768
                                      Entropy (8bit):0.07500449277545268
                                      Encrypted:false
                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOLnXwoW8OJOtCVky6ljX:2F0i8n0itFzDHFNFuO7jX
                                      MD5:31B4D0A86FF543DB61454BC500C545A8
                                      SHA1:B5695994248ECA1FE8AE7ECBC64A6EBEB0F9CE81
                                      SHA-256:9F6E44BD8E3F550AF2B8E33DD4D998F9A2DF6B1B2EAAC69A5F8A3A38DA8F7891
                                      SHA-512:68570CB81932F28B4F355ED25EFF0C93C2C8548DDE44B0902DEDDDF60DCF42D51072C27C28D240D2D007464C716E3C068E467B4E4576046F79B6E1B04F069BD7
                                      Malicious:false
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DF3B4AB6A6CCE6D4DC.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):512
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3::
                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                      Malicious:false
                                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DF6AE4E8EAD5656D75.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):512
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3::
                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                      Malicious:false
                                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DF78C8ACCE5F25F1A2.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):73728
                                      Entropy (8bit):0.12504543844013258
                                      Encrypted:false
                                      SSDEEP:24:3pfJymTx04mqipV04mQ04mqipV04mYAEV0yjCyILVQwG/w+Gx:3pRymTHmqS7m0mqS7mYAErCyILLfx
                                      MD5:AA394F175D968D0A2963F72218B18F21
                                      SHA1:DE6A207E10BA8739554D3B544DAE070185934559
                                      SHA-256:FB54182C882900EC5652CD4DAB835B52FB2541FF03CCF9A2F850E555D650866E
                                      SHA-512:B7AEFE9B9C24857F3590768D452BB06B377F5B50F8DCE1EBEA67FD185F7AEBB6EB14C829A4C52819D3D87296C66D054E428A18BC4197D12D1748E8B788447C3B
                                      Malicious:false
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DF9B0D066797DDC846.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):512
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3::
                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                      Malicious:false
                                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Windows\Temp\~DFD50565E73CC8A1C2.TMP

                                      Download File
                                      Process:C:\Windows\System32\msiexec.exe
                                      File Type:Composite Document File V2 Document, Cannot read section info
                                      Category:dropped
                                      Size (bytes):20480
                                      Entropy (8bit):1.5324756905155912
                                      Encrypted:false
                                      SSDEEP:48:B8PhFuRc06WXJEFT5g67YmqS7mYAErCyILNmqS7mmTh1pR:chF1HFTro5wC5Ap
                                      MD5:D873D6EC93325838E49D6F042DBCE716
                                      SHA1:D58EF9A93D53ED162A9CBD511FDA98A2BC3219F1
                                      SHA-256:FEB16CDFF2899AFBC68EB7F941A87DD8C8E2957F46900D0C1E46AD06CDC2698B
                                      SHA-512:F79767F5FF461D145EF06733140B6F9E2CA8675EC558E6B4585D0C570A073F20CB7961768B637844BEF434A825301782E9D4AE36A7993A3498128B5948698269
                                      Malicious:false
                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      Static File Info

                                      General

                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {E79220BD-86C9-4103-8556-768F713A30D4}, Number of Words: 10, Subject: New Ar 2, Author: New Ar 2, Name of Creating Application: New Ar 2, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o New Ar 2., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Mon Aug 19 15:57:00 2024, Last Saved Time/Date: Mon Aug 19 15:57:00 2024, Last Printed: Mon Aug 19 15:57:00 2024, Number of Pages: 450
                                      Entropy (8bit):7.9938535258637184
                                      TrID:
                                      • Windows SDK Setup Transform Script (63028/2) 47.91%
                                      • Microsoft Windows Installer (60509/1) 46.00%
                                      • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                      File name:CTGZXFCD179480408.msi
                                      File size:67'692'544 bytes
                                      MD5:efadb006e9fd7d8782e43bef2b67433d
                                      SHA1:9480bd0be6c5b3251e311b1b5984089f2eb0eac2
                                      SHA256:3c1aed8d9962dda98e0f08ce8ec2d42b0817c1dfd173d1e70e2f09ec8da4f7c5
                                      SHA512:a87a0cd993cb185306da4d8eb386125c2d2588386a94f4c7806bb4f035c4b8b4a7d2ebab2b2108a417a65eca4a72472c984e13d578e0a770e7cd49114bb4d7e0
                                      SSDEEP:1572864:zbvXF+e76KJ9I4OzKvmTq4aMh6zGORvApErPLpcNRc3xBKHR:3P5J9I9GWhC7vApEXNCH
                                      TLSH:56E73361B18B8116FA7D5176A93AEF6F44BE7F73033040E737A4BA1A09F98D061B6503
                                      File Content Preview:........................>...........................................}...........J.......f.......s...............................................................i.......&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;..

                                      File Icon

                                      Icon Hash:2d2e3797b32b2b99

                                      Network Behavior

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Aug 28, 2024 13:57:57.893311024 CEST5357253162.159.36.2192.168.2.5
                                      Aug 28, 2024 13:57:58.370714903 CEST53640951.1.1.1192.168.2.5

                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:07:57:11
                                      Start date:28/08/2024
                                      Path:C:\Windows\System32\msiexec.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\CTGZXFCD179480408.msi"
                                      Imagebase:0x7ff6094f0000
                                      File size:69'632 bytes
                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:2
                                      Start time:07:57:11
                                      Start date:28/08/2024
                                      Path:C:\Windows\System32\msiexec.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                      Imagebase:0x7ff6094f0000
                                      File size:69'632 bytes
                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      General

                                      Target ID:3
                                      Start time:07:57:15
                                      Start date:28/08/2024
                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3D762178AF352014197687C1EC823CB3
                                      Imagebase:0x700000
                                      File size:59'904 bytes
                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Disassembly

                                      No disassembly