Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
EYOFFTITMDLXZJFFCCGFDTBIY.msi

Overview

General Information

Sample name:EYOFFTITMDLXZJFFCCGFDTBIY.msi
Analysis ID:1500453
MD5:dde14d0e46b12f8a8c0cd770b905162c
SHA1:a2d8c6e6bd927d1905bd174303a1dc5facf25590
SHA256:a75287cc1412efff5df14e6e8a59cf38bdb3e2fbd60f19126671fe5493cee47b
Tags:147-45-116-5msi
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates autostart registry keys to launch java
Found suspicious ZIP file
Java source code contains very large array initializations
Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 7612 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\EYOFFTITMDLXZJFFCCGFDTBIY.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7672 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7792 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 03C0057B2BCA561143D0212352BCB168 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\msvcr100.dllJump to behavior
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: sunmscapi.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\ssvagent\obj\ssvagent.pdb source: ssvagent.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: zip.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libunpack\unpack.pdb source: unpack.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb9' source: w2k_lsa_auth.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: rmid.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: deploy.dll.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: EYOFFTITMDLXZJFFCCGFDTBIY.msi, MSID248.tmp.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb source: w2k_lsa_auth.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: policytool.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: jp2launcher.exe.2.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: jfxwebkit.dll.2.drString found in binary or memory: ftp://http://base%.20s%ddefault%d%.20scopying
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: jfxwebkit.dll.2.drString found in binary or memory: http://exslt.org/common
Source: jfxwebkit.dll.2.drString found in binary or memory: http://exslt.org/commonnode-setdata-typexsltDoSortFunction:
Source: jfxwebkit.dll.2.drString found in binary or memory: http://icl.com/saxon
Source: jfxwebkit.dll.2.drString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://ocsp.thawte.com0
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://s2.symcb.com0
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://sv.symcd.com0&
Source: jfxwebkit.dll.2.drString found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: gstreamer-lite.dll.2.drString found in binary or memory: http://www.ifpi.org/isrc/
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.jclark.com/xt
Source: jfxwebkit.dll.2.drString found in binary or memory: http://www.khronos.org/registry/typedarray/specs/latest/#7
Source: ffjcext.zip.2.drString found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: ffjcext.zip.2.drString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://www.symauth.com/cps0(
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: http://www.symauth.com/rpa00
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/Templates:
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: jfxwebkit.dll.2.drString found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxpath
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: https://d.symcb.com/cps0%
Source: servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drString found in binary or memory: https://d.symcb.com/rpa0

System Summary

barindex
Found suspicious ZIP file
Source: ffjcext.zip.2.drZip Entry: {CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.js
Java source code contains very large array initializations
Source: access-bridge.jar.2.dr, com/sun/deploy/resources/Deployment.javaLarge array initialization: getContents: array initializer size 1606
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\55c72a.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID15C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID218.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID248.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID278.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2B8.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{2D10371B-AC7F-42E1-BF25-D954CE17B240}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID430.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSID15C.tmpJump to behavior
Source: EYOFFTITMDLXZJFFCCGFDTBIY.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs EYOFFTITMDLXZJFFCCGFDTBIY.msi
Source: classification engineClassification label: mal52.winMSI@4/150@0/0
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CMLD4C7.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF1127732E3C763095.TMPJump to behavior
Source: jfxwebkit.dll.2.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: jfxwebkit.dll.2.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: jfxwebkit.dll.2.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: jfxwebkit.dll.2.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: jfxwebkit.dll.2.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: jfxwebkit.dll.2.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: jfxwebkit.dll.2.drBinary or memory string: CREATE TABLE Origins (origin TEXT UNIQUE ON CONFLICT REPLACE, path TEXT);
Source: jfxwebkit.dll.2.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\EYOFFTITMDLXZJFFCCGFDTBIY.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 03C0057B2BCA561143D0212352BCB168
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 03C0057B2BCA561143D0212352BCB168Jump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: EYOFFTITMDLXZJFFCCGFDTBIY.msiStatic file information: File size 67692544 > 1048576
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\msvcr100.dllJump to behavior
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: ktab.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: javaws.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: sunmscapi.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: servertool.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: java-rmi.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: eula.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\ssvagent\obj\ssvagent.pdb source: ssvagent.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: zip.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb source: fontmanager.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libunpack\unpack.pdb source: unpack.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: pack200.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb9' source: w2k_lsa_auth.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: java_crw_demo.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: rmid.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: deploy.dll.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: EYOFFTITMDLXZJFFCCGFDTBIY.msi, MSID248.tmp.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libkrb5\w2k_lsa_auth.pdb source: w2k_lsa_auth.dll.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\policytool_objs\policytool.pdb source: policytool.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.2.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: jp2launcher.exe.2.dr
Source: jfxwebkit.dll.2.drStatic PE information: section name: .unwante
Source: prism_sw.dll.2.drStatic PE information: section name: _RDATA
Source: msvcr100.dll.2.drStatic PE information: section name: .text entropy: 6.90903234258047
Source: msvcr120.dll.2.drStatic PE information: section name: .text entropy: 6.95576372950548
Source: msvcr100.dll0.2.drStatic PE information: section name: .text entropy: 6.90903234258047
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID278.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\unpack.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\Data.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2B8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\tnameserv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\client\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_font.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ssvagent.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\npjp2.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\rmid.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jdwp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\hprof.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\verify.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\sunec.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfxwebkit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dcpr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_font_t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\glib-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\splashscreen.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\servertool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java_crw_demo.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.cplJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jawt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jjs.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jaas_nt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\kcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\lcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fxplugins.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\deploy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_sw.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_socket.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\nio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2iexp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\eula.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\orbd.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID218.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_d3d.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\npt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_iio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_common.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\j2pcsc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\gstreamer-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\zip.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\j2pkcs11.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcr120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\policytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\deployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\unpack200.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\bci.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\decora_sse.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID15C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\awt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java-rmi.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID248.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\glass.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsdt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\resource.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfxmedia.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsoundds.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jabswitch.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\wsdetect.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\mlib_image.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\pack200.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2native.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\sunmscapi.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2launcher.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaws.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID278.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID15C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID218.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID248.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID2B8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.cplJump to dropped file

Boot Survival

barindex
Creates autostart registry keys to launch java
Source: C:\Windows\System32\msiexec.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\42112CAB75FB99A42AA1B59724538D4F B17301D2F7CA1E24FB529D45EC712B04 C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID278.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\unpack.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\Data.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID2B8.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\tnameserv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\client\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_font.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ssvagent.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\rmid.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\npjp2.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jdwp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\hprof.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\instrument.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_shmem.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\verify.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\sunec.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfxwebkit.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dcpr.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_font_t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\glib-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\splashscreen.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\servertool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java_crw_demo.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.cplJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jawt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jjs.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jaas_nt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\kcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\lcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fxplugins.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\deploy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_sw.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_socket.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\nio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2iexp.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\eula.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\orbd.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID218.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_d3d.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\npt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_common.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_iio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\j2pcsc.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\gstreamer-lite.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\zip.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\j2pkcs11.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcr120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\policytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\deployJava1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcp120.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\unpack200.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\bci.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\decora_sse.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID15C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\awt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java-rmi.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID248.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\glass.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsdt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\resource.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfxmedia.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsoundds.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\t2k.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jabswitch.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\wsdetect.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\mlib_image.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\pack200.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2ssv.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2native.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\sunmscapi.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2launcher.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaws.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: deploy.dll.2.drBinary or memory string: [mwndProcID was NULL in mainLoop()wndProc(JIJJ)JNULL != hIcon../../src/common/windows/native/WindowsJavaTrayIcon.cppTrayNotifyWndShell_TrayWndUnable to Start Java Plug-in Control Panel%s\javacpl.exeJava Sys Tray
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		Windows Management Instrumentation1
DLL Side-Loading		2
Process Injection		31
Masquerading		OS Credential Dumping2
Process Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Software Packing		LSASS Memory11
Peripheral Device Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		2
Process Injection		Security Account Manager11
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
File Deletion		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
EYOFFTITMDLXZJFFCCGFDTBIY.msi3%ReversingLabs
EYOFFTITMDLXZJFFCCGFDTBIY.msi0%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\Data.exe3%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\Data.exe0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge-32.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge-32.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge-32.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge-32.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge-32.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge-32.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\awt.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\awt.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\bci.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\bci.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\client\jvm.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\client\jvm.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dcpr.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dcpr.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\decora_sse.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\decora_sse.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\deploy.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\deploy.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_shmem.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_shmem.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_socket.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_socket.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\deployJava1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\deployJava1.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\npdeployJava1.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\npdeployJava1.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\eula.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\eula.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fontmanager.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fontmanager.dll0%VirustotalBrowse
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fxplugins.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://www.symauth.com/rpa000%URL Reputationsafe
http://exslt.org/common0%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd0%URL Reputationsafe
http://www.symauth.com/cps0(0%URL Reputationsafe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD0%Avira URL Cloudsafe
ftp://http://base%.20s%ddefault%d%.20scopying0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal0%Avira URL Cloudsafe
http://www.jclark.com/xt0%Avira URL Cloudsafe
http://exslt.org/commonnode-setdata-typexsltDoSortFunction:0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internal0%VirustotalBrowse
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD0%VirustotalBrowse
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Your0%VirustotalBrowse
http://icl.com/saxon0%Avira URL Cloudsafe
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:0%Avira URL Cloudsafe
http://exslt.org/commonnode-setdata-typexsltDoSortFunction:0%VirustotalBrowse
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamer0%VirustotalBrowse
http://xmlsoft.org/XSLT/Templates:0%Avira URL Cloudsafe
http://icl.com/saxon0%VirustotalBrowse
http://xmlsoft.org/XSLT/0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.0%VirustotalBrowse
http://xmlsoft.org/XSLT/namespace0%Avira URL Cloudsafe
http://tools.ietf.org/html/rfc3986#section-2.1.0%Avira URL Cloudsafe
http://xmlsoft.org/XSLT/Templates:0%VirustotalBrowse
http://www.ifpi.org/isrc/0%Avira URL Cloudsafe
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.This0%VirustotalBrowse
http://xmlsoft.org/XSLT/0%VirustotalBrowse
http://www.khronos.org/registry/typedarray/specs/latest/#70%Avira URL Cloudsafe
http://xmlsoft.org/XSLT/namespace0%VirustotalBrowse
http://tools.ietf.org/html/rfc3986#section-2.1.0%VirustotalBrowse
http://www.khronos.org/registry/typedarray/specs/latest/#70%VirustotalBrowse
http://www.ifpi.org/isrc/0%VirustotalBrowse
http://www.jclark.com/xt0%VirustotalBrowse
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Yourgstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
ftp://http://base%.20s%ddefault%d%.20scopyingjfxwebkit.dll.2.drfalse
  • Avira URL Cloud: safe
unknown
http://www.jclark.com/xtjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTDjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.symauth.com/rpa00servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drfalse
  • URL Reputation: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Internalgstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://exslt.org/commonnode-setdata-typexsltDoSortFunction:jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.GStreamergstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://exslt.org/commonjfxwebkit.dll.2.drfalse
  • URL Reputation: safe
unknown
http://ocsp.thawte.com0servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drfalse
  • URL Reputation: safe
unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtdjfxwebkit.dll.2.drfalse
  • URL Reputation: safe
unknown
http://icl.com/saxonjfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.Thisgstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://bugzilla.gnome.org/enter_bug.cgi?product=GStreamer.gstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://xmlsoft.org/XSLT/Templates:jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://xmlsoft.org/XSLT/jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://xmlsoft.org/XSLT/namespacejfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://tools.ietf.org/html/rfc3986#section-2.1.jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.symauth.com/cps0(servertool.exe.2.dr, zip.dll.2.dr, java-rmi.exe.2.dr, prism_d3d.dll.2.dr, java.exe.2.dr, dt_shmem.dll.2.dr, java_crw_demo.dll.2.dr, glass.dll.2.dr, prism_common.dll.2.dr, pack200.exe.2.dr, sunmscapi.dll.2.dr, eula.dll.2.dr, unpack200.exe.2.dr, ktab.exe.2.dr, gstreamer-lite.dll.2.dr, policytool.exe.2.dr, unpack.dll.2.dr, deploy.dll.2.dr, ssvagent.exe.2.dr, orbd.exe.2.dr, jp2launcher.exe.2.drfalse
  • URL Reputation: safe
unknown
http://www.ifpi.org/isrc/gstreamer-lite.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.khronos.org/registry/typedarray/specs/latest/#7jfxwebkit.dll.2.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1500453
Start date and time:2024-08-28 13:57:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:EYOFFTITMDLXZJFFCCGFDTBIY.msi
Detection:MAL
Classification:mal52.winMSI@4/150@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge-32.dllSSCBOLGZFXVJMEICRNQMJOCDIF.msiGet hashmaliciousUnknownBrowse
    BOCTGZXINFFCD20242108.msiGet hashmaliciousUnknownBrowse
      PGCTGZXFCD20242008.msiGet hashmaliciousUnknownBrowse
        CloudInstaller.zipGet hashmaliciousUnknownBrowse
          uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
            uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
              Advanced_IP_Scanner_2.5.4594.1 (1).exeGet hashmaliciousUnknownBrowse
                New Soft Update.exeGet hashmaliciousUnknownBrowse
                  https://uceg-klom.us21.list-manage.com/track/click?u=9b882a29c7ab3b3f6381abd18&id=56bb8add24&e=4fba4902f9xGet hashmaliciousUnknownBrowse
                    https://cdn.discordapp.com/attachments/1174332456720154685/1174332513909477499/orderCase_21-50821.zipGet hashmaliciousUnknownBrowse

                      Created / dropped Files

                      C:\Config.Msi\55c72c.rbs

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:modified
                      Size (bytes):21682
                      Entropy (8bit):5.528923667029486
                      Encrypted:false
                      SSDEEP:192:KVfxxoFFc+/mI3hrwjgvE5SKL9ztbJLiq40EvOhvCSrHL/EE39BWXNEYP3lJ8v/7:KVZxeFtuI3hrwUN6b9
                      MD5:4455FBE5AD0EEB75CB27D9E4D9F218FB
                      SHA1:B892E44CDF70D16AC179002BE47A5A77D8BBB9B3
                      SHA-256:D637B4F3FDC55AF29701BAAD945C0C74949562B1A7D4A8ACFDA892D193F2F148
                      SHA-512:075E283C9AC9361366EF61603B0E5630D594062DB941876297ABF9BC99268E779C42E4978E8D9CAF4A823853A7936A17203F3B5D4C78E03AC2DAEA04F3D510CD
                      Malicious:false
                      Reputation:low
                      Preview:...@IXOS.@.....@I?.Y.@.....@.....@.....@.....@.....@......&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}..New Ar..EYOFFTITMDLXZJFFCCGFDTBIY.msi.@.....@.....@.....@........&.{95A92FE2-A6E7-4528-901E-5526269D9142}.....@.....@.....@.....@.......@.....@.....@.......@......New Ar......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{9DF256DC-2E1B-4AE9-AD36-A853530ADE87}&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}.@......&.{6FDAD8C4-AC91-47D5-B050-1E22F667AF36}&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}.@......&.{FD5E4EA6-884C-4125-99E8-220F38755F5C}&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}.@......&.{ACED1E9F-A8CC-4F0A-BF34-E62BC5D4F8A2}&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}.@......&.{BEC4F991-BDDF-45A4-90CD-708EEEE8F639}&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}.@......&.{97F935A4-8ACA-497F-BCA3-4C4615653BB5}&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}.@......&.{7C4AEC67-A1D4-4874-B3

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\Data.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):5.869022422210805
                      Encrypted:false
                      SSDEEP:384:9oI1gYZw33FUWUcC6TBhdsDgZH4o5NEvdlcn0ScPmPn0Avsl9EPg/s4Xsn+KvHKj:x7Zw33FNUf6Nhd/fQ1l+0vM0iT9
                      MD5:DA5AFA3C2ABA02E621D4C0DA273AEA13
                      SHA1:73B00FBC07570F0335D80AB37BA6FB3C516F5F88
                      SHA-256:D3A8EC615FF512CBB743505BCC222AD6ED42E0CA41CFCC60226145557727DF62
                      SHA-512:4822BC5069F05602AEB8769B273BD29852080A5F46EC51B7C38CA7CA1C205FF06456F9887579AFFBDFFEA4C6B0E64F4E256E49659F854D56BA8BD74DC0EA6029
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 3%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Reputation:low
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n.f.................b........................@..........................P............@... ..............................0.......@...............................................................................2...............................text....`.......b.................. .0`.data...@............f..............@.0..rdata...............h..............@.0@.bss....0.............................0..idata.......0.......n..............@.0..rsrc........@.......z..............@.0.................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\COPYRIGHT

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ISO-8859 text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):3313
                      Entropy (8bit):4.557128068430301
                      Encrypted:false
                      SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                      MD5:FC605D978E7825595D752DF2EF03F8AF
                      SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                      SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                      SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge-32.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):14912
                      Entropy (8bit):6.141852308272967
                      Encrypted:false
                      SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                      MD5:D63933F4E279A140CC2A941CCFF38348
                      SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                      SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                      SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Joe Sandbox View:
                      • Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious, Browse
                      • Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious, Browse
                      • Filename: PGCTGZXFCD20242008.msi, Detection: malicious, Browse
                      • Filename: CloudInstaller.zip, Detection: malicious, Browse
                      • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                      • Filename: uChcvn3L6R.exe, Detection: malicious, Browse
                      • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious, Browse
                      • Filename: New Soft Update.exe, Detection: malicious, Browse
                      • Filename: , Detection: malicious, Browse
                      • Filename: , Detection: malicious, Browse
                      Reputation:moderate, very likely benign file
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.Z.[.Z.[.Z.[.A<..[.[.A<..Q.[.A<.._.[.S...X.[.Z.Z.D.[.A<..Y.[.A<..[.[.A<..[.[.A<..[.[.RichZ.[.................PE..L...yPjW...........!......................... .....m.........................`......em....@.........................`%......,"..P....@..x............"..@....P.. .... ............................... ..@............ ...............................text............................... ..`.rdata..d.... ......................@..@.data...`....0......................@....rsrc...x....@......................@..@.reloc..^....P....... ..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JAWTAccessBridge.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):14912
                      Entropy (8bit):6.1347115439165085
                      Encrypted:false
                      SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                      MD5:B4EB9B43C293074406ADCA93681BF663
                      SHA1:16580FB7139D06A740F30D34770598391B70AC96
                      SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                      SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Reputation:moderate, very likely benign file
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.Z.[.Z.[.Z.[.A<..[.[.A<..Q.[.A<.._.[.S...X.[.Z.Z.D.[.A<..Y.[.A<..[.[.A<..[.[.A<..[.[.RichZ.[.................PE..L...zPjW...........!......................... .....m.........................`.......2....@.........................`%......,"..P....@..p............"..@....P.. .... ............................... ..@............ ...............................text............................... ..`.rdata..a.... ......................@..@.data...`....0......................@....rsrc...p....@......................@..@.reloc..^....P....... ..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge-32.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):128064
                      Entropy (8bit):6.428684952829155
                      Encrypted:false
                      SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                      MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                      SHA1:006163A07052F3D227C2E541691691B4567F5550
                      SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                      SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[d.@:.N@:.N@:.N[..NB:.N[..NB:.N[..NK:.NIB.NE:.N@:.N{:.N[..NG:.N[..NA:.N[..NA:.N[..NA:.NRich@:.N........PE..L...rPjW...........!................#..............m................................p.....@.........................p...........P.......x...............@...........................................p...@............................................text............................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\JavaAccessBridge.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):127552
                      Entropy (8bit):6.413283221897154
                      Encrypted:false
                      SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                      MD5:C3DED5F41E28FAF89338FB46382E4C3E
                      SHA1:6F77920776D39550355B146D672C199A3941F908
                      SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                      SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[d.@:.N@:.N@:.N[..NB:.N[..NB:.N[..NK:.NIB.NE:.N@:.N{:.N[..NG:.N[..NA:.N[..NA:.N[..NA:.NRich@:.N........PE..L...sPjW...........!...............................m......................................@.........................@...........P.......p...............@...........................................H...@............................................text...n........................... ..`.rdata..............................@..@.data...............................@....rsrc...p...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge-32.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):97856
                      Entropy (8bit):6.467907542894502
                      Encrypted:false
                      SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                      MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                      SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                      SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                      SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./zR/k.<|k.<|k.<|p..|{.<|p..|2.<|bc.|n.<|k.=|7.<|p..|O.<|p..|j.<|p..|j.<|p..|j.<|Richk.<|........................PE..L...pPjW...........!................At.............p................................7P....@..........................9..A....1..<....................f..@............................................,..@...............@............................text...\........................... ..`.rdata..Qg.......h..................@..@.data...`,...P.......8..............@....rsrc................F..............@..@.reloc..J............N..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\WindowsAccessBridge.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):95808
                      Entropy (8bit):6.48897048228647
                      Encrypted:false
                      SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                      MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                      SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                      SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                      SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./zR/k.<|k.<|k.<|p..|{.<|p..|2.<|bc.|n.<|k.=|7.<|p..|O.<|p..|j.<|p..|j.<|p..|j.<|Richk.<|........................PE..L...qPjW...........!................!o.............p......................................@.........................p7..>...<0..<.......x............^..@...........................................(+..@...............@............................text...<........................... ..`.rdata...e.......f..................@..@.data...`,...P.......0..............@....rsrc...x............>..............@..@.reloc..J............F..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\awt.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):1182272
                      Entropy (8bit):6.63089480914076
                      Encrypted:false
                      SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                      MD5:159CCF1200C422CED5407FED35F7E37D
                      SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                      SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                      SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.Q...?...?...?......?.......?.......?.z...?.......?.......?...>.;.?.....s.?.....w.?.......?.......?.......?.Rich..?.........................PE..L...nPjW...........!................,G.............m.........................P......Y.....@.................................,{...........N..............@....P......................................v..@............... ....V..`....................text...<........................... ..`.rdata.............................@..@.data...8....@...~...2..............@....rsrc....N.......P..................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\bci.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15424
                      Entropy (8bit):6.380726588633652
                      Encrypted:false
                      SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                      MD5:A46289384F76C2A41BA7251459849288
                      SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                      SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                      SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W..W..W../x.W...w.W..W..W....s.W...u.W...@.W...A.W...p.W...q.W...v.W..Rich.W..........................PE..L...nPjW...........!......................... .....m.........................`.......9....@..........................'......|$..<....@...............$..@....P....... ..............................8#..@............ ...............................text............................... ..`.rdata..v.... ......................@..@.data...p....0......................@....rsrc........@......................@..@.reloc.......P......."..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\client\Xusage.txt

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1447
                      Entropy (8bit):4.228834598358894
                      Encrypted:false
                      SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                      MD5:F4188DEB5103B6D7015B2106938BFA23
                      SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                      SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                      SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                      Malicious:false
                      Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\client\jvm.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):3857984
                      Entropy (8bit):6.850425436805504
                      Encrypted:false
                      SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                      MD5:39C302FE0781E5AF6D007E55F509606A
                      SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                      SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                      SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$=.$`\.w`\.w`\.w{.Twb\.w..Pwf\.w{.Vwl\.w{.bwl\.wi$[wo\.w`\.w}].w{.cw-^.w{.Swa\.w{.Rwa\.w{.Uwa\.wRich`\.w........PE..L...nPjW...........!......,...........+.......,....m..........................<......q;...@...........................4.......4.......9.(.............:.@.... 9..G....,..............................t2.@.............,.P............................text.....+.......,................. ..`.rdata..Y.....,.......,.............@..@.data...d.....5..*....4.............@....rsrc...(.....9......"7.............@..@.reloc..\.... 9......(7.............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dcpr.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):142912
                      Entropy (8bit):7.350682736920136
                      Encrypted:false
                      SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                      MD5:4BDC32EF5DA731393ACC1B8C052F1989
                      SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                      SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                      SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k..K.c.K.c.K.c.Br..I.c.P...H.c.P...I.c.P...N.c.K.b.m.c.P...m.c.P...J.c.P...J.c.P...J.c.RichK.c.........................PE..L...nPjW...........!.........Z......V.............Sm.........................@.......!....@.................................<...P.... ..................@....0..........................................@............................................text...n........................... ..`.rdata........... ..................@..@.data....+.......(..................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\decora_sse.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):64064
                      Entropy (8bit):6.338192715882019
                      Encrypted:false
                      SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                      MD5:B04ABE76C4147DE1D726962F86473CF2
                      SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                      SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                      SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{.|.{.|.{.|..N..y.|.{.}.g.|.v.x.|.v.y.|.v.w.|.v.y.|....Z.|....z.|.v.z.|....z.|.Rich{.|.........................PE..L...nPjW...........!......... ......_.............Vm......................... .......*....@.....................................<.......................@...........................................(...@...............t............................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\deploy.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):453184
                      Entropy (8bit):6.516599034237354
                      Encrypted:false
                      SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                      MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                      SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                      SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                      SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:...:...:.......:.e....:......:......:.....:....:....:...;.`.:......:.......:.......:.......:.Rich..:.................PE..L...oPjW...........!.........:......n.............Xm................................-.....@.........................@...\6..............................@.......|8..................................Xh..@...............X...8........................text............................... ..`.rdata...;.......<..................@..@.data...............................@....rsrc...............................@..@.reloc..ZE.......F..................@..B................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_shmem.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):25152
                      Entropy (8bit):6.627329311560644
                      Encrypted:false
                      SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                      MD5:72B7054811A72D9D48C95845F93FCD2C
                      SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                      SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                      SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%..cK.cK.cK....cK....cK.cJ.cK....cK....cK....cK....cK....cK....cK.Rich.cK.........PE..L...nPjW...........!.....*...........4.......@....|m................................:6....@.........................0M.......H..<....p...............J..@............A...............................F..@............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......@..............@....rsrc........p.......B..............@..@.reloc..z............F..............@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dt_socket.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):21568
                      Entropy (8bit):6.601333059222365
                      Encrypted:false
                      SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                      MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                      SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                      SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                      SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...'<8.>...'<:.>...'<..>...<...v...5.7.9...'<..1...'<?.=...'<>.=...'<9.=...Rich<...........................PE..L...nPjW...........!.................&.......0....}m................................F.....@..........................A..U....<..P....`...............<..@....p......@1..............................x;..@............0..(............................text............................... ..`.rdata.......0....... ..............@..@.data........P.......2..............@....rsrc........`.......4..............@..@.reloc.......p.......8..............@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\deployJava1.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):827456
                      Entropy (8bit):6.022966185458799
                      Encrypted:false
                      SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                      MD5:E741028613B1FC49EC5A899BE6E3FC34
                      SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                      SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                      SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Vu.'...t...t...t..Tt...t.lIt...t.lYt...t...t...t}bat...t..`t...t..at{..t..Qt...t..Pt...t..Wt...tRich...t................PE..L...pPjW...........!................T.............`m.....................................@.........................................P..................@....p..\^.....................................@...............X...........................text...,........................... ..`.rdata..8...........................@..@.data....t.......R..................@....rsrc........P......................@..@.reloc..zr...p...t..................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\dtplugin\npdeployJava1.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):907328
                      Entropy (8bit):6.160830535423145
                      Encrypted:false
                      SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                      MD5:4FD3548990CAF9771B688532DEF5DE48
                      SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                      SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                      SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x...x...x....k..x...._..x....v..x....f..x...x...y....^..x....^..x....n..x....o..x....h..x..Rich.x..........................PE..L...nPjW...........!.................D.......0....mm................................t.....@..........................>......."..........................@........c...5..............................p...@............0..4............................text............................... ..`.rdata..T....0......................@..@.data...$Y...@...6...,..............@....rsrc................b..............@..@.reloc...g.......h...X..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\eula.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):109120
                      Entropy (8bit):5.986571003903383
                      Encrypted:false
                      SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                      MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                      SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                      SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                      SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ot....Z...Z...Z..Z...ZC@.Z...Z..Z...Z..Z...Z.v.Z...Z.v.Z...Z...Z...Z.x.Z...Z..Z...Z..Z...Z..Z...Z..Z...ZRich...Z........................PE..L...oPjW...........!..............................~m......................................@.........................P...J............0...t..............@...........P...............................0...@............... ...d...`....................text............................... ..`.rdata...D.......F..................@..@.data...0...........................@....rsrc....t...0...v..................@..@.reloc...............|..............@..B........................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fontmanager.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):223296
                      Entropy (8bit):6.501845596055873
                      Encrypted:false
                      SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                      MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                      SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                      SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                      SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      • Antivirus: Virustotal, Detection: 0%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......wG.s3&. 3&. 3&. .h. 0&. (.. 6&. :^. ;&. (.. 4&. 3&. n&. (.4 n&. (.5 "&. (.. 2&. (.. 2&. (.. 2&. Rich3&. ........PE..L...oPjW...........!.........~.....................m.................................e....@......................... ;.......1.......`...............P..@....p......................................@...@............................................text............................... ..`.rdata...O.......P..................@..@.data........@.......,..............@....rsrc........`.......8..............@..@.reloc..L....p.......<..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\fxplugins.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):151104
                      Entropy (8bit):6.548096027649263
                      Encrypted:false
                      SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                      MD5:7A710F90A74981C2F060FA361D094822
                      SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                      SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                      SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                      Malicious:false
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 0%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................5......7.....................&.......8.......#.....5.........................4......3.....6.....Rich....................PE..L...oPjW...........!................g..............m.........................p............@.........................0...P............@...............6..@....P..........................................@...............4............................text............................... ..`.rdata...g.......h..................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\glass.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):200768
                      Entropy (8bit):6.431501859060678
                      Encrypted:false
                      SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                      MD5:434CBB561D7F326BBEFFA2271ECC1446
                      SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                      SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                      SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............g_..g_..g_..._..g_..._..g_..._..g_..._..g_aT._..g_aT._..g_aT._..g_..f_..g_..._..g_.._..g_.._..g_..._..g_.._..g_Rich..g_........................PE..L...oPjW...........!...............................m.........................0............@..........................l..................X&..............@........(......................................@...............<....^.......................text...\........................... ..`.rdata..............................@..@.data...\"..........................@....rsrc...X&.......(..................@..@.reloc...(.......*..................@..B................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\glib-lite.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):400960
                      Entropy (8bit):6.165546757090391
                      Encrypted:false
                      SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                      MD5:767BBA46789597B120D01E48A685811E
                      SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                      SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                      SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j..'..{t..{t..{t.g.t).{t#..t-.{t#..t".{t#..t".{t#..t,.{tS..ty.{t.8.t".{t..zt..{tS..t/.{t#..t/.{tS..t/.{tRich..{t................PE..L...oPjW...........!.....V...........=.......p.....m.........................P............@.............................^...............................@.... ..h'......................................@............p...............................text....T.......V.................. ..`.rdata...j...p...l...Z..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..h'... ...(..................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\gstreamer-lite.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):514112
                      Entropy (8bit):6.805344203686025
                      Encrypted:false
                      SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                      MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                      SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                      SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                      SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Es.J$..J$..J$....N$..Gv..I$..Gv.G$..Gv..G$..Gv..H$..7]..%$.....B$..7]..H$..J$...%..7]..K$..Gv.K$..7].K$..RichJ$..........PE..L...pPjW...........!................g..............m......................................@..........................F.......I..........................@.......lT...................................E..@............................................text............................... ..`.rdata..............................@..@.data....0...`..."...D..............@....rsrc................f..............@..@.reloc..lT.......V...j..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\hprof.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):132672
                      Entropy (8bit):6.708436670828807
                      Encrypted:false
                      SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                      MD5:6376B76728E4A873B2BB7233CBCD5659
                      SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                      SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                      SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........vu^............8Y...............................o..............................................Rich............................PE..L...oPjW...........!.....z...x......_..............m......................... ......^.....@.............................i...|...d.......................@........................................... ...@...............d............................text...Ny.......z.................. ..`.rdata...N.......P...~..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\instrument.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):115776
                      Entropy (8bit):6.787384437276838
                      Encrypted:false
                      SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                      MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                      SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                      SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                      SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........g0...c...c...c..c...c...c...cP..c...c.|.c...c.|.c...c.|.c...c.|.c...c.|.c...c.|.c...cRich...c........PE..L...oPjW...........!........................0.....m......................................@.........................@.......|...(.......................@...........p1.............................. ...@............0..0............................text...L........................... ..`.rdata...f...0...h..................@..@.data....,..........................@....rsrc...............................@..@.reloc..Z...........................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\j2pcsc.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):16448
                      Entropy (8bit):6.490137326885244
                      Encrypted:false
                      SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                      MD5:1F004C428E01F8BEB07B52EB9659A661
                      SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                      SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                      SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3...w.x^w.x^w.x^...^v.x^l..^u.x^l..^u.x^l..^u.x^~..^r.x^w.y^[.x^l..^y.x^l..^v.x^l..^v.x^l..^v.x^Richw.x^........PE..L...oPjW...........!.........................0.....m.........................p.......!....@..........................7.......2..P....P...............(..@....`..`....0..............................`1..@............0...............................text............................... ..`.rdata.......0......................@..@.data...h....@....... ..............@....rsrc........P......."..............@..@.reloc.......`.......&..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\j2pkcs11.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):51264
                      Entropy (8bit):6.576803205025954
                      Encrypted:false
                      SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                      MD5:3A744B78C57CFADC772C6DE406B6B31E
                      SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                      SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                      SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O^;w.?U$.?U$.?U$.G.$.?U$...$.?U$.?T$&?U$...$.?U$...$.?U$...$.?U$...$.?U$...$.?U$...$.?U$Rich.?U$........................PE..L...oPjW...........!.....v...8......l..............m................................O1....@.............................u...|...<.......................@.......................................... ...@............................................text...~t.......v.................. ..`.rdata...'.......(...z..............@..@.data...............................@....rsrc...............................@..@.reloc..V...........................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jaas_nt.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):19520
                      Entropy (8bit):6.452867740862137
                      Encrypted:false
                      SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                      MD5:503275E515E3F2770A62D11E386EADBF
                      SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                      SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                      SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."..|fl./fl./fl./}.(/dl./}.*/gl./}../dl./o.'/al./fl./_l./}../kl./}.//gl./}../gl./}.)/gl./Richfl./................PE..L...pPjW...........!.........................0.....m.........................p............@..........................=.......8..d....P...............4..@....`..\....1...............................6..@............0...............................text............................... ..`.rdata..w....0......................@..@.data...`....@.......*..............@....rsrc........P.......,..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jabswitch.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):30784
                      Entropy (8bit):6.413942547146628
                      Encrypted:false
                      SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                      MD5:530D5597E565654D378F3C87654CCABA
                      SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                      SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                      SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............I...I...I..HI...I..JI...I..~I...I..GI...I...I..I...I...I..NI...I..II...IRich...I........PE..L....DjW.................0...,.......1.......@....@..................................<....@.................................dR..x....p...............`..@.......t....A...............................P..@............@..p............................text............0.................. ..`.rdata.......@.......4..............@..@.data........`.......N..............@....rsrc........p.......P..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java-rmi.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.466457942735197
                      Encrypted:false
                      SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                      MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                      SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                      SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                      SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW..................................... ....@..........................`......B.....@..................................#..P....@..\............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata..z.... ......................@..@.data........0......................@....rsrc...\....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):126528
                      Entropy (8bit):6.8082748642937725
                      Encrypted:false
                      SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                      MD5:73BD0B62B158C5A8D0CE92064600620D
                      SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                      SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                      SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!..r..r..r.W.r..r.W(r..r...r..r..(r..r...r..r.W.r..r..r..r.W)r..r.W.r..r.W.r..r.W.r..rRich..r................PE..L...qPjW...........!..... ...........(.......0.....m................................6N....@......................... u...B...U..........................@............5...............................S..@............0......<U..@....................text...b........ .................. ..`.rdata.......0.......$..............@..@.data...............................@....rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):191040
                      Entropy (8bit):6.75061028420578
                      Encrypted:false
                      SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                      MD5:E3E51A21B00CDDE757E4247257AA7891
                      SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                      SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                      SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+H..E...E...E.L.....E..E....E..E....E......E...D...E..E..{.E..E....E..E....E.Rich..E.........PE..L....DjW.....................&....................@..........................0......aN....@.................................L*..d.......................@............................................$..@............................................text...~........................... ..`.rdata...s.......t..................@..@.data....4...@....... ..............@....rsrc................6..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\java_crw_demo.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):23616
                      Entropy (8bit):6.620094371728742
                      Encrypted:false
                      SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                      MD5:1C47DD47EBD106C9E2279C7FCB576833
                      SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                      SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                      SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..v...v...v.....+.t...m'$.u...v...\...m'&.w...m'..t...m'..{...m'#.w...m'".w...m'%.w...Richv...................PE..L...wPjW...........!.....*...........4.......@.....m................................F.....@..........................I..|....E..<....`...............D..@....p.......@...............................D..@............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data...(....P.......:..............@....rsrc........`.......<..............@..@.reloc..^....p.......@..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.cpl

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):160256
                      Entropy (8bit):6.469497559123052
                      Encrypted:false
                      SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                      MD5:4E3C37A4DE0B5572D69AD79B7A388687
                      SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                      SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                      SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d6.. We. We. We.;...9We.;...We.)/..)We. Wd..We.O!.(We.;...We.;...!We.;...!We.;...!We.Rich We.........................PE..L....HjW...........!.....r...........q....................................................@.............................Z.......d.... ..............................@...................................@............................................text....p.......r.................. ..`.rdata..jH.......J...v..............@..@.data...,3..........................@....rsrc........ ......................@..@.reloc..@............T..............@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javacpl.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):70208
                      Entropy (8bit):6.353501201479367
                      Encrypted:false
                      SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                      MD5:C2A59C7343D370BC57765896490331E5
                      SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                      SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                      SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._...1...1...1..9....1.j...1..9....1..9...1.....1...0.q.1.....1..9....1..9....1..9....1.Rich..1.................PE..L....HjW.................B...........B.......`....@..........................@......5C....@..................................}..x.......................@....0.......b...............................u..@............`......@{.......................text...,@.......B.................. ..`.rdata..x'...`...(...F..............@..@.data................n..............@....rsrc................p..............@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_font.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):57408
                      Entropy (8bit):6.6711491011490285
                      Encrypted:false
                      SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                      MD5:AEADA06201BB8F5416D5F934AAA29C87
                      SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                      SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                      SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................I2.......(.......*.....................\.:.....\.>...............................)...............+.....Rich............PE..L...tPjW...........!.....r...V.......w.............m......................................@.........................@...x...............................@.......8.......................................@...............4............................text....p.......r.................. ..`.rdata...@.......B...v..............@..@.data...............................@....rsrc...............................@..@.reloc..8...........................@..B................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_font_t2k.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):446528
                      Entropy (8bit):6.603555069382601
                      Encrypted:false
                      SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                      MD5:8AE40822B18B10494527CA3842F821D9
                      SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                      SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                      SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f.4Z..gZ..gZ..g.}g^..gWUggX..gWUeg\..gWUZgW..gWU[g_..g..qg]..gZ..g...g'~Zg~..g'~[g...g'~fg[..gWUag[..g'~dg[..gRichZ..g........PE..L...uPjW...........!..............................m......................................@.........................@..........d.......................@........%...................................\..@...............,............................text...{........................... ..`.rdata..............................@..@.data...............................@....rsrc...............................@..@.reloc...%.......&..................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javafx_iio.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):126016
                      Entropy (8bit):6.608910794554507
                      Encrypted:false
                      SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                      MD5:01706B7997730EAA9E2C3989A1847CA6
                      SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                      SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                      SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........y.r.*.r.*.r.*O..*.r.*.r.*.r.*. .*.r.*. .*.r.*. 0*.r.*. 1*.r.*..0*.r.*...*.r.*. .*.r.*...*.r.*Rich.r.*........PE..L...vPjW...........!.........:.....................m................................c.....@.....................................<.......................@.......\...................................0...@............................................text... ........................... ..`.rdata..8(.......*..................@..@.data...............................@....rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaw.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):191552
                      Entropy (8bit):6.744419946343284
                      Encrypted:false
                      SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                      MD5:48C96771106DBDD5D42BBA3772E4B414
                      SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                      SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                      SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v...%...%...%..w%...%.7D%...%.7q%...%..|%...%...%...%.7E%*..%.7u%...%.7r%...%Rich...%........................PE..L....DjW.....................(...................@..........................0............@.................................\*..d.......................@............................................$..@............................................text............................... ..`.rdata...t.......v..................@..@.data....4...@......."..............@....rsrc................8..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\javaws.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):269888
                      Entropy (8bit):6.418120581797452
                      Encrypted:false
                      SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                      MD5:F8211DB97BF852C3292C3E9C710C19D9
                      SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                      SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                      SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a..L%...%...%...>c..8...J.4.-...,.......%.......>c5.....>c4.....>c..$...>c..$...Rich%...................PE..L...rGjW.................t...........C............@..................................a....@.................................L...x.......................@.......8................................... ...@...............h...T........................text....r.......t.................. ..`.rdata...c.......d...x..............@..@.data...8........z..................@....rsrc................V..............@..@.reloc..>-..........................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jawt.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):13888
                      Entropy (8bit):6.274978807671468
                      Encrypted:false
                      SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                      MD5:0291BA5765EE11F36C0040B1F6E821FB
                      SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                      SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                      SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X"._9LR_9LR_9LRD..R^9LRD..RS9LRD..RZ9LRVA.R]9LR_9MR|9LRD..R\9LRD..R^9LRD..R^9LRD..R^9LRRich_9LR........PE..L...xPjW...........!......................... .....m.........................`............@..........................&..J...\"..P....@..................@....P..@.... ...............................!..@............ ...............................text............................... ..`.rdata..Z.... ......................@..@.data...`....0......................@....rsrc........@......................@..@.reloc..t....P......................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jdwp.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):163904
                      Entropy (8bit):6.783788147675078
                      Encrypted:false
                      SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                      MD5:6E08D65F5CBB85E51010F36A84FC181D
                      SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                      SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                      SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#..cp..cp..cp...p..cp...p..cp.D.p..cp..bp..cp.D.p..cp.D.p..cp.D.p..cp.D.p..cp.D.p..cp.D.p..cpRich..cp........................PE..L...{PjW...........!...............................m......................................@......................... ?..h...|9..<....P...............h..@....`...)..@...............................(8..@...............,............................text............................... ..`.rdata..._.......`..................@..@.data...0....@.......4..............@....rsrc........P.......8..............@..@.reloc...+...`...,...<..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfr.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):22592
                      Entropy (8bit):6.620820751411794
                      Encrypted:false
                      SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                      MD5:700F5789D2E7B14B2F5DE9FDB755762E
                      SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                      SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                      SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W..W..W../j.W...e.W..W..W....a.W...g.W...R.W...S.W...b.W...c.W...d.W..Rich.W..........PE..L...|PjW...........!........."......T&.......0.....m.................................O....@.........................`>.......:..<....`...............@..@....p.. ....0...............................9..@............0...............................text...^........................... ..`.rdata..p....0....... ..............@..@.data........P.......6..............@....rsrc........`.......8..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfxmedia.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):115264
                      Entropy (8bit):6.588792190592223
                      Encrypted:false
                      SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                      MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                      SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                      SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                      SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............l..l..l..>7..l..>...l..>5..l..>...l...#..l..5..l..l.zl.....l.....l..4..l..>3..l..6..l.Rich.l.........PE..L...}PjW...........!.........|......],.......@.....m................................~.....@.....................................x.......................@............................................h..@............@...............................text....-.......................... ..`.rdata..4Z...@...\...2..............@..@.data...4...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jfxwebkit.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):33934912
                      Entropy (8bit):6.35314231534845
                      Encrypted:false
                      SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                      MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                      SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                      SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                      SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O..z!..z!..z!.c...z!..(...z!..(...z!......z!..z!..z!..(..hz!..(...z!......z!. ...z!..z ..{!......p!......z!..(...z!......z!.Rich.z!.................PE..L...~PjW...........!......... $....................m......................................@.................................X...x.......@...............@..............................................@............................................text.............................. ..`.rdata...E.......F..................@..@.data..............................@....unwante............................@..@.rsrc...@...........................@..@.reloc.............................@..B........................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jjs.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.475020301731584
                      Encrypted:false
                      SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                      MD5:4F11D43AA2215CE771DA528878F01C8E
                      SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                      SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                      SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......C....@.................................$#..P....@..@............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...@....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jli.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):158784
                      Entropy (8bit):6.816453355323999
                      Encrypted:false
                      SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                      MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                      SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                      SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                      SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................6...........0.....=............7....5.....4.....3....Rich............PE..L....PjW...........!...............................o................................Y.....@..........................3..m....*..d....................T..@............................................#..@............................................text...~........................... ..`.rdata...u.......v..................@..@.data....4...@......."..............@....rsrc................6..............@..@.reloc.."............:..............@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2iexp.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):207424
                      Entropy (8bit):6.630800216665857
                      Encrypted:false
                      SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                      MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                      SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                      SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                      SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D.*...*...*.......*.......*.;....*.......*.......*...+...*.......*.......*.......*.......*.......*.......*.Rich..*.........................PE..L....PjW...........!.........>.....................o.........................P............@.............................................................@......../...................................C..@...............|...........................text.../........................... ..`.rdata..............................@..@.data....,.......&..................@....rsrc...............................@..@.reloc...6.......8..................@..B........................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2launcher.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):82496
                      Entropy (8bit):6.597347722250847
                      Encrypted:false
                      SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                      MD5:5F85F7F2DFAC397D642834B61809240F
                      SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                      SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                      SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-..C..C..C.....C..3..C.v...C..3..C..B.X.C.....C..3..C..3...C..3..C..3..C.Rich.C.........PE..L....HjW............................1.............@.................................cE....@.................................\...x....`..H............*..@....p..h.......................................@............................................text............................... ..`.rdata...C.......D..................@..@.data....0... ......................@....rsrc...H....`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2native.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):19008
                      Entropy (8bit):6.372096409611824
                      Encrypted:false
                      SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                      MD5:4023E25F92B5F13E792901BF112A8EA2
                      SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                      SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                      SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~fQ.~fQ.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQ.~gQ.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQRich.~fQ................PE..L....PjW...........!.........................0.....o.........................p.......8....@..........................8......43..P....P...............2..@....`.......1..............................P1..@............0.......2..@....................text............................... ..`.rdata..T....0......................@..@.data........@.......&..............@....rsrc........P.......*..............@..@.reloc..J....`......................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jp2ssv.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):186944
                      Entropy (8bit):6.612459610032652
                      Encrypted:false
                      SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                      MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                      SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                      SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                      SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B.+.#.x.#.x.#.x.mGx.#.x..Ax.#.x..ux3#.x.[Lx.#.x.[\x.#.x.#.x #.x.Utx.#.x..tx.#.x..Dx.#.x..Ex.#.x..Bx.#.xRich.#.x................PE..L....PjW...........!................K........ .....o................................,j....@................................. ...d.......................@............"...............................f..@............ ..P...L|.......................text...\........................... ..`.rdata...m... ...n..................@..@.data....5...........z..............@....rsrc...............................@..@.reloc...%.......&..................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jpeg.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):145984
                      Entropy (8bit):6.69725055196282
                      Encrypted:false
                      SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                      MD5:4294D39CC9E5F23754D41B9DDE710112
                      SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                      SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                      SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........:.j.i.j.i.j.i..5i.j.i..8i.j.i...i.j.i..:i.j.i.j.i.j.i...i.j.i..=i.j.i..<i.j.i..;i.j.iRich.j.i................PE..L....PjW...........!.........P......)..............o.........................`............@.........................."..X.......P....@..............."..@....P..........................................@............................................text...N........................... ..`.rdata...9.......:..................@..@.data........0......................@....rsrc........@......................@..@.reloc..4....P......................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsdt.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):16448
                      Entropy (8bit):6.482296988184946
                      Encrypted:false
                      SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                      MD5:4BDF31D370F8A893A22820A3B291CC1D
                      SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                      SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                      SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{.m..d>..d>..d>.b.>..d>...>..d>..e>..d>...>..d>...>..d>...>..d>...>..d>...>..d>...>..d>Rich..d>........................PE..L....PjW...........!.........................0.....o.........................p......n.....@.........................P8..:....4..<....P...............(..@....`.......0...............................3..@............0...............................text............................... ..`.rdata.......0......................@..@.data...`....@....... ..............@....rsrc........P......."..............@..@.reloc.......`.......&..............@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsound.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):30784
                      Entropy (8bit):6.609051738644882
                      Encrypted:false
                      SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                      MD5:7BD914407C6D236B27865A8C63147B7F
                      SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                      SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                      SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.Nu.h &.h &.h &...&.h &...&.h &...&.h &.h!&_h &...&.h &...&.h &...&.h &...&.h &...&.h &Rich.h &........PE..L....PjW...........!.....8...(.......A.......P.....o.................................G....@.........................P^.......V..P....................`..@...........`Q...............................U..@............P..D............................text...66.......8.................. ..`.rdata.. ....P.......<..............@..@.data...$....p.......V..............@....rsrc................X..............@..@.reloc...............\..............@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\jsoundds.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):27712
                      Entropy (8bit):6.6264206752006825
                      Encrypted:false
                      SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                      MD5:6280201C1918EA3293919BB282D2B563
                      SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                      SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                      SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............q...q...q.......q.......q.......q...q...q....=..q....<..q.......q.......q.......q..Rich.q..........................PE..L....PjW...........!.....6...$.......?.......P.....o................................p;....@.........................0Y.......S.......p...............T..@.......0....Q...............................R..@............P...............................text...f4.......6.................. ..`.rdata.......P.......:..............@..@.data...L....`.......J..............@....rsrc........p.......L..............@..@.reloc...............P..............@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\kcms.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):178240
                      Entropy (8bit):6.793245389378621
                      Encrypted:false
                      SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                      MD5:BF299F73480AF97A750492E043D1FADD
                      SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                      SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                      SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:..di..di..di.k.i..di.k.i..di...i..di.k.i..di..ei..di.k.i..di.k.i..di.k.i..di.k.i..diRich..di................PE..L...pPjW...........!.....^...F.......g.......p.....o.................................Z....@.............................d....x..P.......h...............@....... ...`q..............................pw..@............p..H............................text....\.......^.................. ..`.rdata.......p.......b..............@..@.data................v..............@....rsrc...h...........................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\keytool.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.474237923131844
                      Encrypted:false
                      SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                      MD5:9A4CF09834F086568DF469E3F670BF07
                      SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                      SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                      SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......@....@.................................4#..P....@..T............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...T....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\kinit.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.477340414037824
                      Encrypted:false
                      SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                      MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                      SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                      SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                      SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`............@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\klist.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.477747126356611
                      Encrypted:false
                      SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                      MD5:CA17B8CBD623477C5D1D334B79890225
                      SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                      SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                      SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`....... ....@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ktab.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.476844183458217
                      Encrypted:false
                      SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                      MD5:B4AD335E868693F009B7644E2ED555C1
                      SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                      SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                      SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`......{.....@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\lcms.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):185920
                      Entropy (8bit):6.517453559791758
                      Encrypted:false
                      SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                      MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                      SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                      SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                      SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......AE.m.$z>.$z>.$z>.\.>.$z>...>.$z>...>.$z>...>.$z>.${>T$z>...>"$z>...>.$z>...>.$z>...>.$z>Rich.$z>........................PE..L...pPjW...........!.................%.......0.....o......................................@..........................P..h...LK..d.......................@.......$... 1...............................I..@............0...............................text............................... ..`.rdata..H#...0...$... ..............@..@.data....h...`...\...D..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\management.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):33344
                      Entropy (8bit):6.5580840927675945
                      Encrypted:false
                      SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                      MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                      SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                      SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                      SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\j.29.29.29w..9.29...9.29...9.29..9.29...9.29.39..29...9..29...9.29...9.29...9.29Rich.29........PE..L...pPjW...........!.....,...>......H6.......@.....o................................T.....@..........................T.......K.......................j..@...........pA..............................XJ..@............@..P............................text...^+.......,.................. ..`.rdata...-...@.......0..............@..@.data...@....p.......^..............@....rsrc................`..............@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\mlib_image.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):574528
                      Entropy (8bit):6.508068830472597
                      Encrypted:false
                      SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                      MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                      SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                      SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                      SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y...8i.8i.8i.@..8i....8i.8h.8i....8i....8i.....8i....8i....8i....8i.Rich.8i.........PE..L...pPjW...........!...............................o.....................................@......................... ..."......<.......................@...........................................p...@............................................text............................... ..`.rdata..B...........................@..@.data...,...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcp120.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):455328
                      Entropy (8bit):6.698367093574994
                      Encrypted:false
                      SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                      MD5:FD5CABBE52272BD76007B68186EBAF00
                      SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                      SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                      SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N*.Nm.gN*.Nm.bN*.NRich+.N........................PE..L....|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcr100.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):773968
                      Entropy (8bit):6.901569696995594
                      Encrypted:false
                      SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                      MD5:BF38660A9125935658CFA3E53FDC7D65
                      SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                      SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                      SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L..."._M.........."!.........................0.....x................................u.....@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\msvcr120.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):970912
                      Entropy (8bit):6.9649735952029515
                      Encrypted:false
                      SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                      MD5:034CCADC1C073E4216E9466B720F9849
                      SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                      SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                      SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S9...XlA.XlA.XlA..A.XlA.XmA.XlAQ..A.ZlAQ..AvXlAQ..A!XlAQ..A.XlAQ..A.XlAQ..A.XlAQ..A.XlARich.XlA........PE..L....|OR.........."!................D............................................... .....@.........................`........R..(....p...................>......d]..@...8...........................H...@............P...............................text............................... ..`.data...4e.......V..................@....idata.......P......................@....rsrc........p.......0..............@..@.reloc..d].......^...4..............@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\net.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):79936
                      Entropy (8bit):6.675027571633986
                      Encrypted:false
                      SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                      MD5:691B937A898271EE2CFFAB20518B310B
                      SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                      SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                      SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!.._e.}.e.}.e.}.~'..d.}.~'..g.}.....f.}.~'..c.}.e.|..}.l...b.}.l...d.}.~'..D.}.~'..d.}.~'..d.}.~'..d.}.Riche.}.................PE..L...pPjW...........!.........l.....................o.........................`......-.....@.............................1............0............... ..@....@...................................... ...@...................l...`....................text............................... ..`.rdata...L.......N..................@..@.data........ ......................@....rsrc........0......................@..@.reloc..*....@......................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\nio.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):51264
                      Entropy (8bit):6.565433654691718
                      Encrypted:false
                      SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                      MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                      SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                      SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                      SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J!...@..@..@...@..@...u..@...B..@..@..@..8M..@...t..@...E..@...D..@...C..@.Rich.@.........PE..L...pPjW...........!.....V...Z......9_.......p.....o................................X.....@..............................+..L|..........................@.......t....r...............................{..@............p...............................text...TT.......V.................. ..`.rdata...F...p...H...Z..............@..@.data...(...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\npt.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):17472
                      Entropy (8bit):6.403594687791098
                      Encrypted:false
                      SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                      MD5:94CAADA66F6316A9415A025C68388A18
                      SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                      SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                      SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w....@..w..O9K..w....O..w...w...w....M..w....x..w....y..w....H..w....I..w....N..w..Rich.w..........PE..L...qPjW...........!................)........0.....o.........................p......w.....@..........................7.._....3..<....P...............,..@....`.......0...............................2..@............0...............................text...>........................... ..`.rdata..O....0......................@..@.data...X....@......."..............@....rsrc........P.......$..............@..@.reloc.......`.......(..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\orbd.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):16448
                      Entropy (8bit):6.380289288441742
                      Encrypted:false
                      SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                      MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                      SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                      SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                      SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................z........ ....@..........................`......1.....@..................................#..P....@..H............(..@....P....... ..............................h"..@............ ...............................text............................... ..`.rdata..*.... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\pack200.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.4779230305378315
                      Encrypted:false
                      SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                      MD5:E9AA62B1696145A08D223E7190785E25
                      SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                      SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                      SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......#....@.................................D#..P....@..T............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...T....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\msvcr100.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):773968
                      Entropy (8bit):6.901569696995594
                      Encrypted:false
                      SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                      MD5:BF38660A9125935658CFA3E53FDC7D65
                      SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                      SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                      SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L..."._M.........."!.........................0.....x................................u.....@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\plugin2\npjp2.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):172096
                      Entropy (8bit):6.3747906238754855
                      Encrypted:false
                      SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                      MD5:FB658E2F5E185FE5762B169A388BA0BD
                      SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                      SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                      SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-n.C=.C=.C=...=..C=a..=..C=...=..C=...=..C=.B=..C=...=..C=...=.C=...=.C=...=.C=...=.C=...=.C=Rich.C=........................PE..L...rPjW...........!.....J...@.......-.......`.....o......................................@.............................A............ ...h..............@.......h....c..................................@............`..H............................text....H.......J.................. ..`.rdata..!....`.......N..............@..@.data...X!..........................@....rsrc....h... ...j..................@..@.reloc...".......$...d..............@..B................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\policytool.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.477211573452372
                      Encrypted:false
                      SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                      MD5:ED3F3D8E4C382BF8095B9DE217511E29
                      SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                      SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                      SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`...........@.................................D#..P....@..h............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...h....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_common.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):52800
                      Entropy (8bit):6.433054716020523
                      Encrypted:false
                      SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                      MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                      SHA1:0D04A67505D006493F252985AC294B534D271EF2
                      SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                      SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q..D5.w.5.w.5.w..J..7.w.5.v...w.8..6.w.8..6.w.8..9.w.8..7.w.H..2.w.H..4.w.8..4.w.H..4.w.Rich5.w.........................PE..L...pPjW...........!...............................o................................/&....@....................................<.......................@...............................................@............................................text.............................. ..`.rdata..X...........................@..@.data...D...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_d3d.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):116288
                      Entropy (8bit):5.7845827860105885
                      Encrypted:false
                      SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                      MD5:5AADADF700C7771F208DDA7CE60DE120
                      SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                      SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                      SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........tm....X...X...X.G.X...X.G.X...X.G.X...X.G.X...XR..X...X...X...X.l.X...X.l.X...X.G.X...X.l.X...XRich...X........PE..L...pPjW...........!................=..............o................................|.....@.........................0...K...|...d.......................@....... ......................................@...............4............................text.............................. ..`.rdata..X...........................@..@.data...............................@....rsrc...............................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\prism_sw.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):86592
                      Entropy (8bit):6.686302444148156
                      Encrypted:false
                      SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                      MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                      SHA1:42748051176B776467A31885BB2889C33B780F2D
                      SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                      SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!3.ueRr&eRr&eRr&...&gRr&eRs&ERr&h..&fRr&h..&oRr&h..&hRr&h..&gRr&.+.&nRr&.+.&dRr&h..&dRr&.+.&dRr&RicheRr&........PE..L...qPjW...........!................~..............o................................O.....@........................../..B...D4..<....p...............:..@.......\...................................0...@...............|............................text...4........................... ..`.rdata..*w.......x..................@..@.data...$....@....... ..............@..._RDATA.......`.......(..............@..@.rsrc........p.......0..............@..@.reloc..\............4..............@..B................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\resource.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):14912
                      Entropy (8bit):6.381906222478272
                      Encrypted:false
                      SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                      MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                      SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                      SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                      SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Z>Mg._#4._#4._#4.'.4._#4..4._#4..4._#4..4._#4._"4>_#4..4._#4..4._#4..4._#4..4._#4Rich._#4................PE..L...pPjW...........!......................... .....o.........................`.......>....@..........................%......\"..d....@..............."..@....P..D.... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...`....0......................@....rsrc........@......................@..@.reloc.......P....... ..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\rmid.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.466364086630595
                      Encrypted:false
                      SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                      MD5:12B6E1C3205A8B17AC20E00A889DFC43
                      SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                      SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                      SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`......r.....@.................................4#..P....@..H............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\rmiregistry.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.475930674615241
                      Encrypted:false
                      SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                      MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                      SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                      SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                      SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`......84....@.................................D#..P....@..h............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...h....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\servertool.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):15936
                      Entropy (8bit):6.475447140204412
                      Encrypted:false
                      SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                      MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                      SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                      SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                      SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......t....@.................................D#..P....@..h............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...h....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\splashscreen.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):177216
                      Entropy (8bit):6.909590121652277
                      Encrypted:false
                      SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                      MD5:8DC2356E3FF3A595AEDE81594A2D259A
                      SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                      SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                      SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................8h....z.l.....8j.....8_......_......g.......h....8^......8o.....8n.....8i....Rich...........................PE..L...pPjW...........!...............................o......................................@.........................`...........P.......................@...........`...................................@...............D...|...@....................text............................... ..`.rdata..]...........................@..@.data....1..........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ssv.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):473152
                      Entropy (8bit):5.475991416072106
                      Encrypted:false
                      SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                      MD5:79CFE207E05F771E29847573593F6DE1
                      SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                      SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                      SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@.....@..@..@..4@..@.u2@..@.u.@..@../@..@..?@..@..@:.@k..@..@.u.@\.@.u7@..@.u6@..@.u1@..@Rich..@........PE..L...pPjW...........!.....^..........r .......p.....o.........................p............@.........................@D.......+...........s........... ..@.... ..H6...t..................................@............p.......).......................text...\\.......^.................. ..`.rdata.......p.......b..............@..@.data....I...P...*...8..............@....rsrc....s.......t...b..............@..@.reloc...H... ...J..................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\ssvagent.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):52800
                      Entropy (8bit):6.367562931371078
                      Encrypted:false
                      SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                      MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                      SHA1:BD62E10E44117A60EB4180412112593D9460299D
                      SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                      SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Hi.m...>...>...>..u>...>.Fq>...>..w>...>..C>...>.pj>...>.pz>...>...>...>c~B>...>..B>...>..s>...>..t>...>Rich...>........PE..L....HjW.................f...R.......i............@.................................._....@.....................................x.......................@.......X...@...............................P...@...................`........................text....e.......f.................. ..`.rdata...5.......6...j..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\sunec.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):123968
                      Entropy (8bit):6.699694377005066
                      Encrypted:false
                      SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                      MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                      SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                      SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                      SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y..@=..=..=..4.1.?....:.<..&G>.>..=.....&G<.:..&G..>..&G.....&G9.<..&G8.<..&G?.<..Rich=..................PE..L...qPjW...........!.........................0.....p......................................@.........................p...:...\...<.......................@............0..................................@............0...............................text............................... ..`.rdata.......0......................@..@.data...............................@....rsrc...............................@..@.reloc..>...........................@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\sunmscapi.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):25664
                      Entropy (8bit):6.488681310308951
                      Encrypted:false
                      SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                      MD5:039AD8A7A4B14C321F156878838A2340
                      SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                      SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                      SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O.............................;......V...............:..........................Rich....................PE..L...rPjW...........!.....(..."......h2.......@.....p.................................3....@.........................`O.......G..d....p...............L..@...........PA..............................8D..@............@..4............................text....&.......(.................. ..`.rdata..8....@.......,..............@..@.data...`....`.......B..............@....rsrc........p.......D..............@..@.reloc..^............H..............@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\t2k.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):195136
                      Entropy (8bit):6.80727029211823
                      Encrypted:false
                      SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                      MD5:E1904A4B2D6F657B9FEF053893FE3C41
                      SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                      SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                      SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`.zS$...$...$...-..&...?>..'...?>..!...$.......?>.. ...?>......?>..%...?>..%...?>..%...Rich$...................PE..L...pPjW...........!.....f...........p.............p......................... .......]....@.............................f...\...P.......................@...............................................@............................................text....e.......f.................. ..`.rdata..v[.......\...j..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\tnameserv.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):16448
                      Entropy (8bit):6.392776971200692
                      Encrypted:false
                      SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                      MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                      SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                      SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                      SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................z........ ....@..........................`......n.....@..................................#..P....@..\............(..@....P....... ..............................."..@............ ...............................text............................... ..`.rdata..J.... ......................@..@.data........0......................@....rsrc...\....@......................@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\unpack.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):65600
                      Entropy (8bit):6.461111208462538
                      Encrypted:false
                      SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                      MD5:806580640A68234A711D3BB0642130A7
                      SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                      SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                      SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D.H%..H%..H%..A]).J%...k".I%..S.$.L%..S...D%..S.&.O%..H%..w%..S...A%..S.!.I%..S. .I%..S.'.I%..RichH%..........PE..L...pPjW...........!.........L.....................p......................... .......<....@.........................`...........d.......................@...........................................P...@............................................text............................... ..`.rdata..q-..........................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\unpack200.exe

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):159296
                      Entropy (8bit):6.019927381236816
                      Encrypted:false
                      SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                      MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                      SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                      SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                      SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ar.:%..i%..i%..i,kKi'..i.]@i&..i>.Di&..i%..in..i>.Fi ..i>.ri8..i>.si,..i>.Bi$..i>.Ei$..iRich%..i........PE..L....DjW..........................................@..................................c....@..................................p..<....................V..@........... ...............................@6..@............q...............................text............................... ..`.rdata.............................@..@.data........P.......(..............@....idata..D....p.......8..............@....rsrc................B..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\verify.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):39488
                      Entropy (8bit):6.751057397220933
                      Encrypted:false
                      SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                      MD5:DE2167A880207BBF7464BCD1F8BC8657
                      SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                      SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                      SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.d....]...]...]...]...].H.]...].H.]...].H.]...]...]_..].H.]...].H.]...].H.]...].H.]...]Rich...]........................PE..L...pPjW...........!.....N...4.......W.......`.....p................................*k....@.................................<x..P.......................@...........Pa...............................v..@............`..<............................text....L.......N.................. ..`.rdata..e!...`..."...R..............@..@.data...(............t..............@....rsrc................v..............@..@.reloc...............z..............@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\w2k_lsa_auth.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):21568
                      Entropy (8bit):6.4868701533420925
                      Encrypted:false
                      SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                      MD5:7C2959F705B5493A9701FFD9119C5EFD
                      SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                      SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                      SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..3..`..`..`.E.`..`.E.`..`.E `..`...`..`..`2.`.E!`..`.E.`..`.E.`..`.E.`..`Rich..`........................PE..L...pPjW...........!.........".......#.......0.....p.................................h....@.........................@B.......<..x....`...............<..@....p.......0...............................;..@............0...............................text............................... ..`.rdata..6....0......................@..@.data........P.......2..............@....rsrc........`.......4..............@..@.reloc..&....p.......8..............@..B................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\wsdetect.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):163904
                      Entropy (8bit):6.508553433039132
                      Encrypted:false
                      SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                      MD5:A63387A1BFDF760575B04B7BFD57FF89
                      SHA1:9384247599523D97F40B973A00EE536848B1D76F
                      SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                      SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...T.^.T.^.T.^..)^.T.^../^.T.^...^&T.^.".^.T.^.,2^.T.^.,"^.T.^.T.^MT.^...^.T.^..*^.T.^..+^.T.^..,^.T.^Rich.T.^................PE..L...rPjW...........!...............................p......................................@.................................D........p..P............h..@.......d...................................P...@.......................@....................text............................... ..`.rdata...d.......f..................@..@.data...`@... ..."..................@....rsrc...P....p.......(..............@..@.reloc..~/.......0...8..............@..B........................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\zip.dll

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):69696
                      Entropy (8bit):6.89860109289213
                      Encrypted:false
                      SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                      MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                      SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                      SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                      SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                      Malicious:false
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H....................2.................4.....................5.............................Rich............PE..L...pPjW...........!.........h.....................p.........................0......V.....@.................................L...d.......................@.... ..X...0...................................@............................................text............................... ..`.rdata..wV.......X..................@..@.data...............................@....rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\accessibility.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):155
                      Entropy (8bit):4.618267268558291
                      Encrypted:false
                      SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                      MD5:9E5E954BC0E625A69A0A430E80DCF724
                      SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                      SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                      SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                      Malicious:false
                      Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\calendars.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1438
                      Entropy (8bit):5.214662998532387
                      Encrypted:false
                      SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                      MD5:92BA2D87915E6F7F58D43344DF07E1A6
                      SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                      SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                      SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                      Malicious:false
                      Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\charsets.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):3091908
                      Entropy (8bit):6.633254981822853
                      Encrypted:false
                      SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                      MD5:0B3923ABB0D48FDAE7A2306717967B39
                      SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                      SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                      SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                      Malicious:false
                      Preview:PK........s..H................META-INF/....PK........s..H<:S1D...D.......META-INF/MANIFEST.MFManifest-Version: 1.0..Created-By: 1.7.0_07 (Oracle Corporation)....PK...........HUi..............sun/nio/cs/ext/Big5.class.......4."..........t....t............................................................................................................................................................................................................................................................................................................................................................................~.........b2cSBStr...Ljava/lang/String;...ConstantValue...b2cStr...[Ljava/lang/String;...b2c...[[C...b2cSB...[C...b2cInitialized...Z...c2b...c2bIndex...c2bInitialized...<init>...()V...Code...LineNumberTable...historicalName...()Ljava/lang/String;...contains...(Ljava/nio/charset/Charset;)Z...StackMapTable...newDecoder..#()Ljava/nio/charset/CharsetDecoder;...newEncoder..#()Ljava/nio/charset/Ch

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\classlist

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):84355
                      Entropy (8bit):4.927199323446014
                      Encrypted:false
                      SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                      MD5:7FC71A62D85CCF12996680A4080AA44E
                      SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                      SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                      SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                      Malicious:false
                      Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\cmm\CIEXYZ.pf

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                      Category:dropped
                      Size (bytes):51236
                      Entropy (8bit):7.226972359973779
                      Encrypted:false
                      SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                      MD5:10F23396E21454E6BDFB0DB2D124DB85
                      SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                      SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                      SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                      Malicious:false
                      Preview:...$KCMS....spacXYZ XYZ .........2..acspSUNW....KODA.ODA............................................................................A2B0.......4B2A0.......4cprt.......Gwtpt...T....desc...h....K070........K071........mft2................................................................................................................ !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~.................................................................................................................................................................................................................................................................................................................................. !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmm

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\cmm\GRAY.pf

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                      Category:dropped
                      Size (bytes):632
                      Entropy (8bit):3.7843698642539243
                      Encrypted:false
                      SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                      MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                      SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                      SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                      SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                      Malicious:false
                      Preview:...xKCMS....mntrGRAYXYZ ._..........acspSUNW....KODAGRAY.......................+....................................................cprt.......?desc........dmnd.......`wtpt........kTRC........dmdd.......dtext....COPYRIGHT (c) 1997 Eastman Kodak, All rights reserved...desc.......'KODAK Grayscale Conversion - Gamma 1.0..................@...............~.......................~.......~..............desc........KODAK..................@..................................................,...,....XYZ ...............+curv............desc........Grayscale..................@..................................................,...,....

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\cmm\LINEAR_RGB.pf

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                      Category:dropped
                      Size (bytes):1044
                      Entropy (8bit):6.510788634170065
                      Encrypted:false
                      SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                      MD5:A387B65159C9887265BABDEF9CA8DAE5
                      SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                      SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                      SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                      Malicious:false
                      Preview:....KCMS....mntrRGB XYZ ............acsp........KODK...........................,KODK................................................cprt.......Hdesc...8....rXYZ........gXYZ........bXYZ........rTRC........gTRC........bTRC........wtpt........text....Copyright (c) Eastman Kodak Company, 1998, all rights reserved..desc........linear sRGB............l.i.n.e.a.r. .s.R.G.B.....linear sRGB........................................................XYZ ......m...6.....XYZ ......e........!XYZ ......#B...^...Kcurv........................................................................ !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..........................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\cmm\PYCC.pf

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                      Category:dropped
                      Size (bytes):274474
                      Entropy (8bit):7.843290819622709
                      Encrypted:false
                      SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                      MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                      SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                      SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                      SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                      Malicious:false
                      Preview:..0*KCMS....spac3CLRLab .........2..acspSUNW....KODAnone............................................................................A2B0... ...4B2A0...T..f4cprt..-....Gdmnd..-....ndmdd...@...zwtpt........desc.......nK013../@....K019../L....K030../.....K031..0.....K070..0.....K071..0 ....mft2.....................................................K.S.8.....l.....0...3.........U.. .!h".$.%\&.'.)5*y+.,..5/o0.1.3.4E5v6.7.8.:*;S<z=.>.?.A.B,CLDkE.F.G.H.I.K.L!M7NLO`PsQ.R.S.T.U.V.W.X.Y.[.\.].^._%`,a2b8c=dAeEfHgJhLiMjMkMlLmKnIoFpCq@r;s7t1u,v%w.x.y.z.z.{.|.}.~...............p.b.S.C.3.#..............~.j.U.@.+.............t.\.C.*...........r.W.;...........p.R.3..........w.V.6.........l.J.'........v.R.-.......t.N.(.......f.?........v.N.%........U.+.......U.*......z.N."......n.@.......Z.+......o.@.........P. .......\.+.......d.1...........................z.p.f.[.Q.G.=.3.). ........................ .!.".#.$.%.&{'s(k)d*]+U,N-G.@/9021,2%3.4.5.6.7.8.8.9.:.;.<.=.>.?.@.A.B.C.D.E.F.

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\cmm\sRGB.pf

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                      Category:dropped
                      Size (bytes):3144
                      Entropy (8bit):7.026867070945169
                      Encrypted:false
                      SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                      MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                      SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                      SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                      SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                      Malicious:false
                      Preview:...HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._.....

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\content-types.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):5824
                      Entropy (8bit):5.074440246603207
                      Encrypted:false
                      SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                      MD5:95AE170D90764B3F5E68C72E8C518DDC
                      SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                      SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                      SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                      Malicious:false
                      Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\currency.data

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4122
                      Entropy (8bit):3.2585384283455134
                      Encrypted:false
                      SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                      MD5:F6258230B51220609A60AA6BA70D68F3
                      SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                      SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                      SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                      Malicious:false
                      Preview:CurD..........................@C..,M...................... K...C..PF..4@...........R...........C......TF...........M..DL...C.......S..........<M...c...................C...C...A..........hK...C...M.......... O......8...PC...C..........@E...............E..............`.......pX...O...........B...C.......O...D..............,J..........................................@J..............XO..........................................0C...........................O...........................................M.......A...............................................................C...O...................................................................O..........TK...........R...O..............8C...........................P.................. C..............................................`C..........PK...............J......0F..pE...................................Q...............................R.......Q...........c...Q...................................................................................C

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):2282861
                      Entropy (8bit):7.951223313727943
                      Encrypted:false
                      SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                      MD5:2388C4C8D5F95E0379A8997C7C2492F4
                      SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                      SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                      SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                      Malicious:false
                      Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\ffjcext.zip

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Zip archive data, at least v1.0 to extract, compression method=store
                      Category:dropped
                      Size (bytes):14156
                      Entropy (8bit):5.649187440261259
                      Encrypted:false
                      SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                      MD5:91052ADB799AEF68EA76931997C40CE4
                      SHA1:19255B8E335C22A171C26148099191708C99EE7A
                      SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                      SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                      Malicious:false
                      Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):2917
                      Entropy (8bit):4.838706790124659
                      Encrypted:false
                      SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                      MD5:2EB9117D147BAA0578E4000DA9B29E12
                      SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                      SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                      SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_de.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3338
                      Entropy (8bit):4.919780187496773
                      Encrypted:false
                      SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                      MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                      SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                      SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                      SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_es.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3632
                      Entropy (8bit):4.776451902180833
                      Encrypted:false
                      SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                      MD5:72BDAE07C5D619E5849A97ACC6A1090F
                      SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                      SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                      SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_fr.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3441
                      Entropy (8bit):4.832330268062187
                      Encrypted:false
                      SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                      MD5:FFE3CC16616314296C3262B0A0E093CD
                      SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                      SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                      SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_it.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3255
                      Entropy (8bit):4.7050139579578145
                      Encrypted:false
                      SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                      MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                      SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                      SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                      SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_ja.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                      Category:dropped
                      Size (bytes):6381
                      Entropy (8bit):4.5983590678211135
                      Encrypted:false
                      SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                      MD5:D830FC76BDD1975010ECE4C5369DADF8
                      SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                      SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                      SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_ko.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                      Category:dropped
                      Size (bytes):5744
                      Entropy (8bit):4.781504394194986
                      Encrypted:false
                      SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                      MD5:64DE22212EE92F29BCA3ACED72737254
                      SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                      SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                      SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_pt_BR.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3317
                      Entropy (8bit):4.869662880084367
                      Encrypted:false
                      SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                      MD5:4078691AB22C4F0664856BE0C024A52F
                      SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                      SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                      SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_sv.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3441
                      Entropy (8bit):4.927824210480987
                      Encrypted:false
                      SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                      MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                      SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                      SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                      SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_zh_CN.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                      Category:dropped
                      Size (bytes):4104
                      Entropy (8bit):5.04197285715923
                      Encrypted:false
                      SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                      MD5:823D1F655440C3912DD1F965A23363FC
                      SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                      SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                      SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_zh_HK.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3784
                      Entropy (8bit):5.17620120701776
                      Encrypted:false
                      SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                      MD5:4287D97616F708E0A258BE0141504BEB
                      SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                      SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                      SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\messages_zh_TW.properties

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                      Category:dropped
                      Size (bytes):3784
                      Entropy (8bit):5.17620120701776
                      Encrypted:false
                      SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                      MD5:4287D97616F708E0A258BE0141504BEB
                      SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                      SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                      SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                      Malicious:false
                      Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\splash.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 320 x 139
                      Category:dropped
                      Size (bytes):8590
                      Entropy (8bit):7.910688771816331
                      Encrypted:false
                      SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                      MD5:249053609EAF5B17DDD42149FC24C469
                      SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                      SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                      SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                      Malicious:false
                      Preview:GIF89a@................................................FFF...T..W..V..Is.Kv.W..W..U..Hr.P|.O{.Mx.Gq.Jt.Fo.Fp.V..U..Gp.T..Lw.P|.R..Q~.S..S..Nz.Lw.Hq.Ju.X..V..Lx.It.U..Hs.Ny.Nz.P}.R~.S..R~.R..Q}.Q}.My.Lv.It.O{.Ku.My.Oz.Gp.Gq.Hr.....................WWW.........Ry.uuu............i......ggg...]..................{..y..d..........Sz................s............i...............c............v.....X........r...........]........^........p.....z.........r..Y..l..m...............]................Mu........Qw.Nw.........v.....b..j.......V}.]........d.....k........v........Lu....S|.U{.Oy................W........Lv.U..R}.....Nv.Gp.Nx.Ks....Jr....Hq......V~.T..S~.Z.....Gq.O{.......W..Qz.......Lw.Z.....T...........S~....Lt.Kv....V.................Fo.......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="ht

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\splash@2x.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 640 x 278
                      Category:dropped
                      Size (bytes):15276
                      Entropy (8bit):7.949850025334252
                      Encrypted:false
                      SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                      MD5:CB81FED291361D1DD745202659857B1B
                      SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                      SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                      SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                      Malicious:false
                      Preview:GIF89a..............................................FFF...W..V..Is.Hr.W..W..U..P|.T..Kv.O{.V..Mx....S..Fp.Jt.Lw.Gp.Gq.Lw.U..T..R..Q~.Fo.Nz.R~.R..Q}.My.Ju.It.Oz.Gp.Nz.Gq.V..Ny.Hq.P|.P}.S..S..S..Q}.Ku.Ku.Hr.Lx.X..Mx.It.U..Is.Hs.T..O{.R~.T..O{.Kv.My.Lv..........i...........]..WWWu...........ggguuut.......................................Ry.......{..............b..........................^..l.................X}....a..{.....c..................v..m........T{.f.....l........X.........................j..U|...........`........j..g..U~........^.....Qz.Jr.Nw.p.....v.....p.....Gp....r..Mt.......y..q.....]..Nv............Tz.Y.....[.....Pw....Ox..............X.....Y..X..W..V..S|............Mx....Mv.Kt.U..Hq.Lv.W.....Mu.i..Q{.Gq.Lt.S~.T..U..Kv................Fo.......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="ht

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\splash_11-lic.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 320 x 139
                      Category:dropped
                      Size (bytes):7805
                      Entropy (8bit):7.877495465139721
                      Encrypted:false
                      SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                      MD5:9E8F541E6CEBA93C12D272840CC555F8
                      SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                      SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                      SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                      Malicious:false
                      Preview:GIF89a@...................................{...........c.....P|.l.....].............Ry.........S{.i.....U~........................uuuV..b........T.....WWW}..R~.......Hr.v..T|.It..........n.............e..f.....].........Hq.`........Y.....i..r.._..l...........]..Y.....v..................s..f.....z.....\........Jr.r.....................i..e.....p.....Y..m........Z..Sz.Ow....Y..Nx.{..w..Jr.T..R}....Pw.Lt.s..`..W..W..Lv...........................................FFF...W..V..Is.Kv.W..W..U..Hr.O{.Mx.Jt.Gq.Fp.Gp.Lw.Fo.U..T..Q~.R..P|.Lw.S..S..Ju.Nz.V..X..V..U..Ny.Hs.My.Ku.My.Q}.R~.P}.Q}.R..S..S..O{.Oz.Lx.Nz.Lv.It.Gp.Gq....ggg.....................S...............S|....Gp........Mw.S~.Px.Nz.Pz.......Lt.Kv.a.....V.....r.................Fo.......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="ht

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\deploy\splash_11@2x-lic.gif

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:GIF image data, version 89a, 640 x 278
                      Category:dropped
                      Size (bytes):12250
                      Entropy (8bit):7.901446927123525
                      Encrypted:false
                      SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                      MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                      SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                      SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                      SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                      Malicious:false
                      Preview:GIF89a.......{.....k......{...........P|.b..V......................Hr.Hq.......................]...........X...........f.............i............R~....u..It.u.....l..T~.......Qz.......^..Q~....i.......b.............Qx.Y..Y.....q..p.....v..............a..U|......T..Y........................^..n........f.....Tz.e..j..f..Ox.p..Y~.Ov.......y..Z..h.....l.....W.....w.....R|.p.....X~.a........Pw.Ks.Ir.......^.....Kt.FFF\........Ox...........W..U..Nw.Mu.W..V..Is.V..Hr.R~.W..W..U..T..O{.Kv.Gp.S..Mx.Lw.Fp.Lw.U..T..Jt.R..Gq.Fo.Ju.My.R..Q}.R~.Nz.Oz.It.Nz.V..V..Gp.Ny.Ku.P|.Ku.Gq.P}.S..Q}.S..S..Is.Lx.U..O{.Hs.T..O{.My.Mx.Kv.Lv............iii...YYY.............xxx........._.....U..Gp.U..Lv.Mw....Oz......S|.S}.Hq.\..Kv....Mv.P{.W..T........Mw.T.....Nz.q..Fo.......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="ht

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\ext\access-bridge-32.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):187736
                      Entropy (8bit):7.79606817499301
                      Encrypted:false
                      SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                      MD5:13794986CA59819F6AF7BD70022D7F8F
                      SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                      SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                      SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                      Malicious:false
                      Preview:PK........z..H................META-INF/......PK..............PK........{..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r.r..PK..<:S1C...D...PK...........H............/...com/sun/java/accessibility/AccessBridge$1.class.S.n.@.=.........6.....BU.D.T..CQ.x.8+...F.u...$...>..B.....5.....9.gfg......St....,........sp....z*. ......".e........MG.|N..(...a.=..9!Tz.@..GJ.W./...s<..8&t.9...m......8..Jt.`..:....Q.?.a....H......y.$.Y..a.....m.c5...K.....'.....Y.`^.5..|..z_.q.*....]2p....[..P..b.A.C...W..j..(H3.....a.~...;.Z.^,.T...6QB..L.+g...%l_R....H.V..el&..#F.~6.1.9.C.g$M.+.vn..&........k 8 ...._..."G=.6P.#._@.o(}.........s`..Oy..A.Q&|...._a...c...2.....g$.+..k..:n.s7q..x....?PK....&.........PK...........H............0...com/sun/java/accessibility/AccessBridge$10.class.TYO.Q...e`.. ..X.j;...W.Z*j.u.....7ep.!3w._.1&...&....>.....q..m.s.{..l...._...n..0(IN.!...VajH`D.(.v.$.U....v....$g%9.!....N..T.Wq.!.d..e.Vj.

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\ext\access-bridge.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):187727
                      Entropy (8bit):7.7958934328326075
                      Encrypted:false
                      SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                      MD5:82C16750374D5CCA5FDAA9434BAF8143
                      SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                      SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                      SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                      Malicious:false
                      Preview:PK........{..H................META-INF/......PK..............PK........{..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r.r..PK..<:S1C...D...PK...........H............/...com/sun/java/accessibility/AccessBridge$1.class.S.n.@.=.........6.....BU.D.T..CQ.x.8+...F.u...$...>..B.....5.....9.gfg......St....,........sp....z*. ......".e........MG.|N..(...a.=..9!Tz.@..GJ.W./...s<..8&t.9...m......8..Jt.`..:....Q.?.a....H......y.$.Y..a.....m.c5...K.....'.....Y.`^.5..|..z_.q.*....]2p....[..P..b.A.C...W..j..(H3.....a.~...;.Z.^,.T...6QB..L.+g...%l_R....H.V..el&..#F.~6.1.9.C.g$M.+.vn..&........k 8 ...._..."G=.6P.#._@.o(}.........s`..Oy..A.Q&|...._a...c...2.....g$.+..k..:n.s7q..x....?PK....&.........PK...........H............0...com/sun/java/accessibility/AccessBridge$10.class.TYO.Q...e`.. ..X.j;...W.Z*j.u.....7ep.!3w._.1&...&....>.....q..m.s.{..l...._...n..0(IN.!...VajH`D.(.v.$.U....v....$g%9.!....N..T.Wq.!.d..e.Vj.

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\ext\cldrdata.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):3860522
                      Entropy (8bit):7.9670916513081735
                      Encrypted:false
                      SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                      MD5:AE86774D28F1C8270A9BCBD12A9A1865
                      SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                      SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                      SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                      Malicious:false
                      Preview:PK........s..H................META-INF/......PK..............PK........s..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.q.B........E..%.).N. e.z.......E..9....E..E.%@...\.\.PK...n..N...Z...PK...........H................sun/text/resources/cldr/aa/FormatData_aa.classmPMO.@.}........(.@..xB....!b,1i8..6X..I.5._.'.....(..".9.yy3.f?..?..`?...*6T.5l....aG......=...mqN.......t...:6g.;`^....d.L..\0.|.b...w&.....c.;...8%H...........RqA.......b. ..p./G......B0..K.Sx6...>4\....Zy.!..".R.N....T....=..c~d.7...3(5.<.....a;F....\....a8@..a.@..d^.]YV"k....U...2'#...rX.K...ue...O....bZ.:CB...jZ.]3...2M.s....3}.ct%.GV..PK...]..d.......PK...........H................sun/text/resources/cldr/af/FormatData_af.classuV.x[W.>...a[y......R.+-..K].I.4..(...b.=....a.h...({..B!...{.U......w../...y...?.;w>.u..w..A.......xE.nFxe.nAx...^.p+.k.^..z.7 ...M.oFx..[...v.3..!.....Bx7.{.nGx/....@x?...."..A..!|....G.>..1..#|....B......A.,...>..../"|...._A.*........o"|.....A...........".

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\ext\dnsns.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):8286
                      Entropy (8bit):7.790619326925194
                      Encrypted:false
                      SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
                      MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
                      SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
                      SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
                      SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
                      Malicious:false
                      Preview:PK........s..H................META-INF/......PK..............PK........s..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r.r..PK..<:S1C...D...PK...........H............2...sun/net/spi/nameservice/dns/DNSNameService$1.class.S]O.A.=......./@."e.,(>AH.` )..g.......l../j....LD..F_.M.xw.j.....s.{g.~.........d.n...9.0e.N..i.E.......~A.&.H..7....[<.7|....]f_.....r.)W....*~(B....nM..F.Z!.z.....Ye.(...B.3..2.AM0......pO..x.!.#.0U.I.G..Tu.&..L.......e.![.U..;...-.2.6.<.02P..9...R.......la...*.H....!.."-..H..E].Z.k^.W:p.J^s. .x .c..7j>.A..T...TfG...f....!.6zm.p.F..-.q.K.....1.!.w.C+,2..J....0.!C...0Lw...@..s[.cmp%I-.5..o...1.D].]q..4..-.t1...m.q.3.;\....D.+/..../...N....uv...R.|<<.2M...4...O.yz.F*A...).3{.....7....]..g.i..9&m.[.......K_.}.,;)}F..VR.w........|I.+..B.a...F.-C....h......Y...N...t..D.:.<..d..u`..r..B...PK..K.".u.......PK...........H............2...sun/net/spi/nameservice/dns/DNSNameService$2.class.

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\ext\jaccess.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):44516
                      Entropy (8bit):7.905075370162141
                      Encrypted:false
                      SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
                      MD5:1A33FF1FDD789E655D5E2E99E9E719BD
                      SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
                      SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
                      SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
                      Malicious:false
                      Preview:PK........{..H................META-INF/......PK..............PK........{..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r.r..PK..<:S1C...D...PK...........H............Z...com/sun/java/accessibility/util/AccessibilityEventMonitor$AccessibilityEventListener.class.Wkp.........5..5..A6`l..C\j.A...eb)..)dm....J+..h...I.&&...L.4.3.$.aH.q.....M...i..m......KNf4.y..~.9g.>.....[p.:....n..p....(........#.D'".ta/.>.D7.|.s.!..f.o......#\w?o...;q..]x....B...~.....t..4>?.#N.1$Aw........;..#j.HJ0%..p...M.5...V[.. ...*......P...).qZ)......a-i...H2.EM..H.2l.H.eX_.>..(..J_..Lj.Z\3G...,...C|.....T..$,.q.OX...[.u..Qg..6..:...iz.q.-.*...:sD@9j.2[..w..I3a.r....cXM..m..}P..J.WU.d`o.nhD.3.=).)..o2..F*...8^k...f)t.........G...e|.....C*K."#.F...,.m.q..I8)....$..x^......e..?..c.D..8..e..7...U..8..dl...rc.s.7d..3...x.....E`.....n/.8.qY......i.~BQ..\.1.K2~.K...s.C.YN...@.Lh...i....PwwW.W...2.z....<%..F..+..xW.e...K.W0...3......J..)S.

                      C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\lib\ext\jfxrt.jar

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Java archive data (JAR)
                      Category:dropped
                      Size (bytes):18192143
                      Entropy (8bit):5.977388717447885
                      Encrypted:false
                      SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                      MD5:042B3675517D6A637B95014523B1FD7D
                      SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                      SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                      SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                      Malicious:false
                      Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su

                      C:\Windows\Installer\55c72a.msi

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {95A92FE2-A6E7-4528-901E-5526269D9142}, Number of Words: 10, Subject: New Ar, Author: New Ar, Name of Creating Application: New Ar, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o New Ar., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Aug 16 16:21:28 2024, Last Saved Time/Date: Fri Aug 16 16:21:28 2024, Last Printed: Fri Aug 16 16:21:28 2024, Number of Pages: 450
                      Category:dropped
                      Size (bytes):67692544
                      Entropy (8bit):7.993853295572231
                      Encrypted:true
                      SSDEEP:1572864:YdvXF+e76KJ9I4OzKvmTq4aMh6zGORvApErPLpcNRc3xBKHR:uP5J9I9GWhC7vApEXNCH
                      MD5:DDE14D0E46B12F8A8C0CD770B905162C
                      SHA1:A2D8C6E6BD927D1905BD174303A1DC5FACF25590
                      SHA-256:A75287CC1412EFFF5DF14E6E8A59CF38BDB3E2FBD60F19126671FE5493CEE47B
                      SHA-512:6BD3467B1F61488AAE4E8067F28F9462F14296F3C4312B12135EBECA3DF2CC9C5C50A392EDBE995A84F90CBC240D5B5D1979076235C53AB646AD9CCBE07DC481
                      Malicious:false
                      Preview:......................>...........................................}...........J.......f.......s...............................................................i.......&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...............6...............................)...8........................................................................... ...!..."...#...$...%...&...'...(...0...*...+...,...-......./...5...1...2...3...4...9...7.......@...D...:...;...<...=...>...?...B...A...C...N.......E...F...G...H...I...Y.......L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                      C:\Windows\Installer\MSID15C.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):925800
                      Entropy (8bit):6.5962529078695535
                      Encrypted:false
                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                      Malicious:false
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSID218.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):925800
                      Entropy (8bit):6.5962529078695535
                      Encrypted:false
                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                      Malicious:false
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSID248.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):925800
                      Entropy (8bit):6.5962529078695535
                      Encrypted:false
                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                      Malicious:false
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSID278.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):925800
                      Entropy (8bit):6.5962529078695535
                      Encrypted:false
                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                      Malicious:false
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSID2B8.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Category:dropped
                      Size (bytes):925800
                      Entropy (8bit):6.5962529078695535
                      Encrypted:false
                      SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                      MD5:421643EE7BB89E6DF092BC4B18A40FF8
                      SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                      SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                      SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                      Malicious:false
                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\MSID430.tmp

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):46738
                      Entropy (8bit):5.477999309270902
                      Encrypted:false
                      SSDEEP:384:PV69CdL4NKhgcymtXMFyWYXc70J6CjpdvUlTODxdIz6DGKyHVn00QDLzWbFEqApD:PI8qNtkenXhhYFjv6xuV4m
                      MD5:087A282250CB655D9BB707B08490752A
                      SHA1:12FF4EF0F847E5F93D198BD01F9D2CE12F582470
                      SHA-256:4725D96F39B0AE859CD20114896AE3CEB1679E6F1C35E8037BE4344CA3660CBF
                      SHA-512:2F245C962FD9A9FB62EFCD0CA4B69EA0D7C6443109D72BC08F4BA500BA7C63D4D37D7F3E93F7BCD598AE74747E7882F8A3C311F40C6DF926BC146F7D06CDCC86
                      Malicious:false
                      Preview:...@IXOS.@.....@I?.Y.@.....@.....@.....@.....@.....@......&.{2D10371B-AC7F-42E1-BF25-D954CE17B240}..New Ar..EYOFFTITMDLXZJFFCCGFDTBIY.msi.@.....@.....@.....@........&.{95A92FE2-A6E7-4528-901E-5526269D9142}.....@.....@.....@.....@.......@.....@.....@.......@......New Ar......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@m....@.....@.]....&.{9DF256DC-2E1B-4AE9-AD36-A853530ADE87}..C:\Users\user\AppData\Roaming\New Ar\New Ar\.@.......@.....@.....@......&.{6FDAD8C4-AC91-47D5-B050-1E22F667AF36}".01:\Software\New Ar\New Ar\Version.@.......@.....@.....@......&.{FD5E4EA6-884C-4125-99E8-220F38755F5C};.C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\Data.exe.@.......@.....@.....@......&.{ACED1E9F-A8CC-4F0A-BF34-E62BC5D4F8A2}B.C:\Users\user\AppData\Roaming\New Ar\New Ar\dist\jre\bin\awt.dll.@.......@.....@.....@......&.{BEC4F991-BDDF-45A4-90CD-708E

                      C:\Windows\Installer\SourceHash{2D10371B-AC7F-42E1-BF25-D954CE17B240}

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.1738090935065215
                      Encrypted:false
                      SSDEEP:12:JSbX72FjiZiAGiLIlHVRpIh/7777777777777777777777777vDHF+7RKqUOBrlN:J3QI5wMdcOEF
                      MD5:F5DF517F44FACF2F25F75A9FB50DBA93
                      SHA1:E81479F2AA7211856AC6897E44977E0A07658CA5
                      SHA-256:439DA475658842888E7B8ADF74BA231D5EC192B7797D53C2C2E28B78C6B23CAC
                      SHA-512:E4C727B69C45844D0DBB20B6F559B174EDCC0940995C30B244A41407A4A019959FB6A450693303275AAA50145F69AFAA5D7EFD7D27F4355D32228911CF6E99C0
                      Malicious:false
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Installer\inprogressinstallinfo.ipi

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.5277477262932737
                      Encrypted:false
                      SSDEEP:48:i+8PhcuRc06WXJUjT5ag5g7kES2kuAEkCyIh6kES2kUTEr:Ahc1XjTd5U6vCSs
                      MD5:E7538017ED9A1307A742EEBC12E185EC
                      SHA1:FC55A719185410F78E57E1AB22F4339475B4EE13
                      SHA-256:B40D6FEBB8C652FABC9594993F5A9B525C62C3CD905066840E22C613707CBB9C
                      SHA-512:A7CF9FA70BC14E086DC21F2924756F85A1D3DE1B26E00562E3E887F25E613B9CF66CB81A0ABD2A6C487E6164AFFE01D91F0CE16D23826CA03375420E04BD6C9D
                      Malicious:false
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):360001
                      Entropy (8bit):5.362988102731591
                      Encrypted:false
                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaua:zTtbmkExhMJCIpE/
                      MD5:DBC3AFB6E0DB52DB4447216DD018363D
                      SHA1:AB2AA5A576F1A9D2BFFCCAB473D2C3EFB2811BBB
                      SHA-256:BCA1493EE45A5DF7D509C774FEF38B0D9A98506A181DF160E1983DBEA61C7B81
                      SHA-512:8A6263B43F79AD9B855B4A35C3DCEC509182F068901D7802A172AB42CE46286FABA89FBBCC1EC772FB31F1E7F1C55466D3569394DCACFD9534D4A43C23F8F577
                      Malicious:false
                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                      C:\Windows\Temp\~DF0BF48EDE154EF028.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF1127732E3C763095.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):73728
                      Entropy (8bit):0.1231675683653617
                      Encrypted:false
                      SSDEEP:24:IsvghTxb4kEipVb4k2b4kEipVb4kuAEVbyjCyIhVPwGg6+vzg:rohT6kES2kLkES2kuAEkCyIhrgzg
                      MD5:48B2D1FB4417FCB82AD9D1ED9F8AE812
                      SHA1:16B86B06DC0D4575BBF99A820768EC3EB9CF2B88
                      SHA-256:30E177D5F1BEF116105D5A3AA0EDEC5166241E51E847D07A68CC4736848A3704
                      SHA-512:C2A379ABD24614E172B98B48F6DA536530566BF04AC8EF9FEB31F2FF03986CB89306CC7AD0B9A13A18532B5EC7796EFB8821CFC8AC9FD9516595C0081B087F30
                      Malicious:false
                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF276E67740DEB8793.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):20480
                      Entropy (8bit):1.5277477262932737
                      Encrypted:false
                      SSDEEP:48:i+8PhcuRc06WXJUjT5ag5g7kES2kuAEkCyIh6kES2kUTEr:Ahc1XjTd5U6vCSs
                      MD5:E7538017ED9A1307A742EEBC12E185EC
                      SHA1:FC55A719185410F78E57E1AB22F4339475B4EE13
                      SHA-256:B40D6FEBB8C652FABC9594993F5A9B525C62C3CD905066840E22C613707CBB9C
                      SHA-512:A7CF9FA70BC14E086DC21F2924756F85A1D3DE1B26E00562E3E887F25E613B9CF66CB81A0ABD2A6C487E6164AFFE01D91F0CE16D23826CA03375420E04BD6C9D
                      Malicious:false
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF5EB6BCDB4FB5993B.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.07870011785440245
                      Encrypted:false
                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO+FBynezKqhihJIXiVky6l51:2F0i8n0itFzDHF+7RKqUOBr
                      MD5:1221A4824DEEA603E15DD3E18200398B
                      SHA1:997E6F130C8E81BC4258049383476A318B7C5E0B
                      SHA-256:B6C742C2DE747173759814AE91E019738D8D2F27B4DA280B2C7DE02A04F846DC
                      SHA-512:ED627ED613E52444C3CC274A39A3C24AD1C99F214034B3BC6FECE9E7B299F7FBAA7799F19EAB02D0E81A314F6D7D05887E53282CD593409113B29A8288CBE1E2
                      Malicious:false
                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DF656CD33505B5BF5E.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DFB6FA98A1B1F66620.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):1.226572832811732
                      Encrypted:false
                      SSDEEP:48:E9Uu2I+CFXJvT58g5g7kES2kuAEkCyIh6kES2kUTEr:wUmXTX5U6vCSs
                      MD5:64DBB02268000C58D0C1BFB7563C516E
                      SHA1:151991298BE00591845CD26C938D6E31A714E54A
                      SHA-256:72A7AAA18B2309E13F684085C8B89BDA58803FEFF61A6BCC3A7CE91A0FAD02F9
                      SHA-512:B06DE64DC59F736019881620ECE05D57344E54B8652C3FB5F40C56A0C6A5D390E8594BD3AEB65DF0D4785D89150F7A5C8C910985F470173F555E103B2FF9DF7F
                      Malicious:false
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DFB766B9BF9FF32810.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):1.226572832811732
                      Encrypted:false
                      SSDEEP:48:E9Uu2I+CFXJvT58g5g7kES2kuAEkCyIh6kES2kUTEr:wUmXTX5U6vCSs
                      MD5:64DBB02268000C58D0C1BFB7563C516E
                      SHA1:151991298BE00591845CD26C938D6E31A714E54A
                      SHA-256:72A7AAA18B2309E13F684085C8B89BDA58803FEFF61A6BCC3A7CE91A0FAD02F9
                      SHA-512:B06DE64DC59F736019881620ECE05D57344E54B8652C3FB5F40C56A0C6A5D390E8594BD3AEB65DF0D4785D89150F7A5C8C910985F470173F555E103B2FF9DF7F
                      Malicious:false
                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Windows\Temp\~DFF54EF00B86A95D25.TMP

                      Download File
                      Process:C:\Windows\System32\msiexec.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):512
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                      Malicious:false
                      Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      Static File Info

                      General

                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {95A92FE2-A6E7-4528-901E-5526269D9142}, Number of Words: 10, Subject: New Ar, Author: New Ar, Name of Creating Application: New Ar, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o New Ar., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Fri Aug 16 16:21:28 2024, Last Saved Time/Date: Fri Aug 16 16:21:28 2024, Last Printed: Fri Aug 16 16:21:28 2024, Number of Pages: 450
                      Entropy (8bit):7.993853295572231
                      TrID:
                      • Windows SDK Setup Transform Script (63028/2) 88.73%
                      • Generic OLE2 / Multistream Compound File (8008/1) 11.27%
                      File name:EYOFFTITMDLXZJFFCCGFDTBIY.msi
                      File size:67'692'544 bytes
                      MD5:dde14d0e46b12f8a8c0cd770b905162c
                      SHA1:a2d8c6e6bd927d1905bd174303a1dc5facf25590
                      SHA256:a75287cc1412efff5df14e6e8a59cf38bdb3e2fbd60f19126671fe5493cee47b
                      SHA512:6bd3467b1f61488aae4e8067f28f9462f14296f3c4312b12135ebeca3df2cc9c5c50a392edbe995a84f90cbc240d5b5d1979076235c53ab646ad9ccbe07dc481
                      SSDEEP:1572864:YdvXF+e76KJ9I4OzKvmTq4aMh6zGORvApErPLpcNRc3xBKHR:uP5J9I9GWhC7vApEXNCH
                      TLSH:0AE73361B18B8116FA7D5176A93AEF6F44BE7F73033040E737A4BA1A09F98D061B6503
                      File Content Preview:........................>...........................................}...........J.......f.......s...............................................................i.......&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;..

                      File Icon

                      Icon Hash:2d2e3797b32b2b99

                      Network Behavior

                      No network behavior found

                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:07:58:13
                      Start date:28/08/2024
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\EYOFFTITMDLXZJFFCCGFDTBIY.msi"
                      Imagebase:0x7ff7ad7a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:2
                      Start time:07:58:13
                      Start date:28/08/2024
                      Path:C:\Windows\System32\msiexec.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\msiexec.exe /V
                      Imagebase:0x7ff7ad7a0000
                      File size:69'632 bytes
                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      General

                      Target ID:3
                      Start time:07:58:16
                      Start date:28/08/2024
                      Path:C:\Windows\SysWOW64\msiexec.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 03C0057B2BCA561143D0212352BCB168
                      Imagebase:0x6d0000
                      File size:59'904 bytes
                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Disassembly

                      No disassembly